aboutgitcodebugslistschat
path: root/test
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2022-09-24 19:08:22 +1000
committerStefano Brivio <sbrivio@redhat.com>2022-09-24 14:48:35 +0200
commitd5b80ccc72ed36367ac327748be66323c858ad5d (patch)
treef1ce40988380b1bd5b29397f5a8224146a41446d /test
parent3ede07aac96eababe3b1c335058e851a9951d17d (diff)
downloadpasst-d5b80ccc72ed36367ac327748be66323c858ad5d.tar
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.tar.gz
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.tar.bz2
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.tar.lz
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.tar.xz
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.tar.zst
passt-d5b80ccc72ed36367ac327748be66323c858ad5d.zip
Fix widespread off-by-one error dealing with port numbers
Port numbers (for both TCP and UDP) are 16-bit, and so fit exactly into a 'short'. USHRT_MAX is therefore the maximum port number and this is widely used in the code. Unfortunately, a lot of those places don't actually want the maximum port number (USHRT_MAX == 65535), they want the total number of ports (65536). This leads to a number of potentially nasty consequences: * We have buffer overruns on the port_fwd::delta array if we try to use port 65535 * We have similar potential overruns for the tcp_sock_* arrays * Interestingly udp_act had the correct size, but we can calculate it in a more direct manner * We have a logical overrun of the ports bitmap as well, although it will just use an unused bit in the last byte so isnt harmful * Many loops don't consider port 65535 (which does mitigate some but not all of the buffer overruns above) * In udp_invert_portmap() we incorrectly compute the reverse port translation for return packets Correct all these by using a new NUM_PORTS defined explicitly for this purpose. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'test')
0 files changed, 0 insertions, 0 deletions