8720 loader: add ip layer code into libstand

Review Request #676 — Created Oct. 15, 2017 and submitted

tsoome
illumos-gate
8720
7d7c1bd...
general
8720 loader: add ip layer code into libstand


  • 0
  • 0
  • 2
  • 1
  • 3
Description From Last Updated
danmcd
  1. It appears that an attacker could send you incomplete fragments, or overlapping fragments, and the reassembly queues just hang around, eating memory.

  2. usr/src/boot/lib/libstand/ip.c (Diff revision 1)
     
     

    The half-char is ip_v, not ip_p.

  3. usr/src/boot/lib/libstand/ip.c (Diff revision 1)
     
     

    Should you perhaps ip_reasm_free() here and give up on the packet? It looks like you return EAGAIN in the case of overlapping fragments, instead of just bailing on things.

  4. 
      
tsoome
danmcd
  1. 
      
  2. usr/src/boot/lib/libstand/ip.c (Diff revisions 1 - 2)
     
     

    Should you still set errno?

    1. Right now the read loop only does check if EAGAIN is set or not. With EAGAIN we do try again unless the read timeout is reached. For this patch, I would keep things simple as that, maybe it is good to add some additional checks or error notification, but lets do that later if/when there is the need.

  3. 
      
danmcd
  1. Ship It!
  2. 
      
tsoome
Review request changed

Status: Closed (submitted)

Loading...