fix use of initialized memory (in this case, harmless) when a undersized packet is received

Signed-off-by: Erik Boasson <eb@ilities.com>
Erik Boasson 2019-01-04 10:37:56 +01:00
parent 771eed118b
commit f2d0dd2ef4
2 changed files with 14 additions and 25 deletions


@ -156,6 +156,11 @@ typedef struct Header {
nn_guid_prefix_t guid_prefix; nn_guid_prefix_t guid_prefix;
} Header_t; } Header_t;
#define NN_PROTOCOLID_INITIALIZER {{ 'R','T','P','S' }} #define NN_PROTOCOLID_INITIALIZER {{ 'R','T','P','S' }}
#if PLATFORM_IS_LITTLE_ENDIAN
#define NN_PROTOCOLID_AS_UINT32 (((uint32_t)'R' << 0) | ((uint32_t)'T' << 8) | ((uint32_t)'P' << 16) | ((uint32_t)'S' << 24))
#else
#define NN_PROTOCOLID_AS_UINT32 (((uint32_t)'R' << 24) | ((uint32_t)'T' << 16) | ((uint32_t)'P' << 8) | ((uint32_t)'S' << 0))
#endif
#define NN_PROTOCOL_VERSION_INITIALIZER { RTPS_MAJOR, RTPS_MINOR } #define NN_PROTOCOL_VERSION_INITIALIZER { RTPS_MAJOR, RTPS_MINOR }
#define NN_VENDORID_INITIALIER MY_VENDOR_ID #define NN_VENDORID_INITIALIER MY_VENDOR_ID
#define NN_HEADER_INITIALIZER { NN_PROTOCOLID_INITIALIZER, NN_PROTOCOL_VERSION_INITIALIZER, NN_VENDORID_INITIALIER, NN_GUID_PREFIX_UNKNOWN_INITIALIZER } #define NN_HEADER_INITIALIZER { NN_PROTOCOLID_INITIALIZER, NN_PROTOCOL_VERSION_INITIALIZER, NN_VENDORID_INITIALIER, NN_GUID_PREFIX_UNKNOWN_INITIALIZER }
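Review bot: `NN_PROTOCOLID_AS_UINT32` is added without a comment explaining why its value depends on byte order, namely that it is what a native 32-bit load of the wire bytes 'R','T','P','S' yields. A one-line comment such as `/* protocol id as read by a host-endian uint32_t load of the first 4 header bytes */` would make that explicit. Separately, `#if PLATFORM_IS_LITTLE_ENDIAN` evaluates to 0 when the macro is undefined, so the big-endian value would be chosen silently if this header can be reached before the platform definition. The definition site is not visible in this hunk, so that is worth confirming or guarding with an `#ifndef PLATFORM_IS_LITTLE_ENDIAN` / `#error`.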


@ -3009,12 +3009,11 @@ static bool do_packet
nn_rmsg_setsize (rmsg, (uint32_t) sz); nn_rmsg_setsize (rmsg, (uint32_t) sz);
assert (vtime_asleep_p (self->vtime)); assert (vtime_asleep_p (self->vtime));
if if ((size_t)sz < RTPS_MESSAGE_HEADER_SIZE || *(uint32_t *)buff != NN_PROTOCOLID_AS_UINT32)
( {
(size_t) sz < RTPS_MESSAGE_HEADER_SIZE || /* discard packets that are really too small or don't have magic cookie */
buff[0] != 'R' || buff[1] != 'T' || buff[2] != 'P' || buff[3] != 'S' || }
hdr->version.major != RTPS_MAJOR || (hdr->version.major == RTPS_MAJOR && hdr->version.minor < RTPS_MINOR_MINIMUM) else if (hdr->version.major != RTPS_MAJOR || (hdr->version.major == RTPS_MAJOR && hdr->version.minor < RTPS_MINOR_MINIMUM))
)
{ {
if ((hdr->version.major == RTPS_MAJOR && hdr->version.minor < RTPS_MINOR_MINIMUM)) if ((hdr->version.major == RTPS_MAJOR && hdr->version.minor < RTPS_MINOR_MINIMUM))
DDS_TRACE("HDR(%x:%x:%x vendor %d.%d) len %lu\n, version mismatch: %d.%d\n", DDS_TRACE("HDR(%x:%x:%x vendor %d.%d) len %lu\n, version mismatch: %d.%d\n",
@ -3034,22 +3033,7 @@ static bool do_packet
PGUIDPREFIX (hdr->guid_prefix), hdr->vendorid.id[0], hdr->vendorid.id[1], (unsigned long) sz, addrstr); PGUIDPREFIX (hdr->guid_prefix), hdr->vendorid.id[0], hdr->vendorid.id[1], (unsigned long) sz, addrstr);
} }
{ handle_submsg_sequence (conn, &srcloc, self, now (), now_et (), &hdr->guid_prefix, guidprefix, buff, (size_t) sz, buff + RTPS_MESSAGE_HEADER_SIZE, rmsg);
handle_submsg_sequence
(
conn,
&srcloc,
self,
now (),
now_et (),
&hdr->guid_prefix,
guidprefix,
buff,
(size_t) sz,
buff + RTPS_MESSAGE_HEADER_SIZE,
rmsg
);
}
} }
thread_state_asleep (self); thread_state_asleep (self);
} }
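Review bot: The new magic-cookie test `*(uint32_t *)buff != NN_PROTOCOLID_AS_UINT32` in the first hunk reads the receive buffer through a `uint32_t` lvalue. The removed code indexed `buff` byte-wise, so it appears to be a byte pointer; if so, the load depends on the buffer being 4-byte aligned and is formally a strict-aliasing violation. The size check sits on the left of `||`, so the load itself stays in bounds. Comparing bytes avoids the alignment and aliasing questions and needs no endian-specific macro: `if ((size_t)sz < RTPS_MESSAGE_HEADER_SIZE || memcmp (buff, "RTPS", 4) != 0)`. The body of do_packet starts and ends outside these hunks, so the declaration and alignment of `buff` could not be checked here.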