Re: XDP invalid memory access
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: XDP invalid memory access
- From: David Ahern <dsahern@xxxxxxxxx>
- Date: Wed, 15 Jan 2020 17:40:46 -0700
- In-reply-to: <CAK86TEcyRqVrB-OOiCxtM6WLMp-Sr_+eO9G70+T=OMpF2KBrgQ@mail.gmail.com>
- References: <CAK86TEf+GY3F8resRW11DNvate5uqSsh=JAQuJHhBuL0sQpvjg@mail.gmail.com> <87ftggtl7t.fsf@toke.dk> <CAK86TEcyRqVrB-OOiCxtM6WLMp-Sr_+eO9G70+T=OMpF2KBrgQ@mail.gmail.com>
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
On 1/15/20 3:31 PM, Vincent Li wrote:
> On Wed, Jan 15, 2020 at 2:21 PM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote:
>
>> You have to check that you're not reading out of bounds before
>> dereferencing the bytes in the TCP header...
>>
>
> I have below before the optlen
>
> 47 /* sanity check needed by the eBPF verifier */
>
> 48 if ((void *)(tcphdr + 1) > data_end)
>
> 49 return 0;
>
> this is not enough, how do I check the out of bounds properly?
>
options are optional and after 'struct tcphdr' you need to do something
like:
if ((void *)(tcphdr + 1) + tcphdr->doff > data_end)
return XDP_....
[Index of Archives]
[Linux Networking Development]
[Fedora Linux Users]
[Linux SCTP]
[DCCP]
[Gimp]
[Yosemite Campsites]
