Fix widespread off-by-one error dealing with port numbers

Port numbers (for both TCP and UDP) are 16-bit, and so fit exactly into a
'short'.  USHRT_MAX is therefore the maximum port number and this is widely
used in the code.  Unfortunately, a lot of those places don't actually
want the maximum port number (USHRT_MAX == 65535), they want the total
number of ports (65536).  This leads to a number of potentially nasty
consequences:

 * We have buffer overruns on the port_fwd::delta array if we try to use
   port 65535
 * We have similar potential overruns for the tcp_sock_* arrays
 * Interestingly udp_act had the correct size, but we can calculate it in
   a more direct manner
 * We have a logical overrun of the ports bitmap as well, although it will
   just use an unused bit in the last byte so isnt harmful
 * Many loops don't consider port 65535 (which does mitigate some but not
   all of the buffer overruns above)
 * In udp_invert_portmap() we incorrectly compute the reverse port
   translation for return packets

Correct all these by using a new NUM_PORTS defined explicitly for this
purpose.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

1 files changed, 5 insertions, 2 deletions

diff --git a/port_fwd.h b/port_fwd.h
index 7e6a7d7..6f55e19 100644
--- a/port_fwd.h
+++ b/port_fwd.h
@@ -7,6 +7,9 @@
 #ifndef PORT_FWD_H
 #define PORT_FWD_H
 
+/* Number of ports for both TCP and UDP */
+#define	NUM_PORTS	(1U << 16)
+
 enum port_fwd_mode {
 	FWD_SPEC = 1,
 	FWD_NONE,
@@ -14,7 +17,7 @@ enum port_fwd_mode {
 	FWD_ALL,
 };
 
-#define PORT_BITMAP_SIZE	DIV_ROUND_UP(USHRT_MAX, 8)
+#define PORT_BITMAP_SIZE	DIV_ROUND_UP(NUM_PORTS, 8)
 
 /**
  * port_fwd - Describes port forwarding for one protocol and direction
@@ -25,7 +28,7 @@ enum port_fwd_mode {
 struct port_fwd {
 	enum port_fwd_mode mode;
 	uint8_t map[PORT_BITMAP_SIZE];
-	in_port_t delta[USHRT_MAX];
+	in_port_t delta[NUM_PORTS];
 };
 
 #endif /* PORT_FWD_H */