author | David Gibson <david@gibson.dropbear.id.au> | 2024-09-12 16:59:40 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-09-12 09:13:59 +0200 |
commit | 5ff5d55291d2223c65f889b8eee446b8ed2c551c (patch) | |
tree | adf0978817b5e38caa66de823ee54cec3b5c0857 | |
parent | 1f414ed8f0b3101363c1373e338802186eb29b7c (diff) | |

tcp: Avoid overlapping memcpy() in DUP_ACK handling

When handling the DUP_ACK flag, we copy all the buffers making up the ack
frame. However, all our frames share the same buffer for the Ethernet
header (tcp4_eth_src or tcp6_eth_src), so copying the TCP_IOV_ETH will
result in a (perfectly) overlapping memcpy(). This seems to have been
harmless so far, but overlapping ranges to memcpy() is undefined behaviour,
so we really should avoid it.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

-rw-r--r-- | tcp_buf.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -332,9 +332,13 @@ int tcp_buf_send_flag(struct ctx *c, struct tcp_tap_conn *conn, int flags) else dup_iov = tcp6_l2_flags_iov[tcp6_flags_used++]; - for (i = 0; i < TCP_NUM_IOVS; i++) - memcpy(dup_iov[i].iov_base, iov[i].iov_base, - iov[i].iov_len); + for (i = 0; i < TCP_NUM_IOVS; i++) { + /* All frames share the same ethernet header buffer */ + if (i != TCP_IOV_ETH) { + memcpy(dup_iov[i].iov_base, iov[i].iov_base, + iov[i].iov_len); + } + } dup_iov[TCP_IOV_PAYLOAD].iov_len = iov[TCP_IOV_PAYLOAD].iov_len; } |
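
Review bot: In the new loop in tcp_buf_send_flag(), the `if (i != TCP_IOV_ETH)` test hard-codes the assumption that dup_iov[TCP_IOV_ETH].iov_base and iov[TCP_IOV_ETH].iov_base are the same buffer, and nothing in the hunk checks that. If the frames ever stop sharing the Ethernet header buffer, the duplicate would silently keep whatever its own header buffer held, because the copy for that index is now skipped unconditionally. Consider skipping on pointer equality instead, `if (dup_iov[i].iov_base != iov[i].iov_base)`, which avoids the exactly overlapping memcpy() for any shared buffer and still copies when the buffers differ. If the index test stays, the comment should also say why the copy is skipped (overlapping ranges passed to memcpy() are undefined behaviour), so the reason is in the code and not only in the commit message.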