Commit 321ff8c4 authored by Ondrej Zajicek (work)'s avatar Ondrej Zajicek (work)
Browse files

Babel: Make sure intervals do not overflow 



Intervals are carried as 16-bit centisecond values, but kept internally
in 16-bit second values, which causes a potential for overflow. This adds
some checks to make sure this does not happen.

Signed-off-by: default avatarToke Høiland-Jørgensen <toke@toke.dk>
parent 6887f409

proto/babel/babel.h

+3 −1
Original line number Diff line number Diff line
@@ -50,10 +50,12 @@ 
#define BABEL_INITIAL_HOP_COUNT		255

#define BABEL_MAX_SEND_INTERVAL		5

#define BABEL_TIME_UNITS		100	/* On-wire times are counted in centiseconds */



#define BABEL_SEQNO_REQUEST_EXPIRY	60

#define BABEL_GARBAGE_INTERVAL		300



/* Max interval that will not overflow when carried as 16-bit centiseconds */

#define BABEL_MAX_INTERVAL		(0xFFFF/BABEL_TIME_UNITS)



#define BABEL_OVERHEAD		(SIZE_OF_IP_HEADER+UDP_HEADER_LENGTH)

#define BABEL_MIN_MTU		(512 + BABEL_OVERHEAD)

proto/babel/config.Y

+5 −4
Original line number Diff line number Diff line
@@ -77,17 +77,18 @@ babel_iface_finish: 
      BABEL_IFACE->rxcost = BABEL_RXCOST_WIRED;

  }



  /* Make sure we do not overflow the 16-bit centisec fields */

  if (!BABEL_IFACE->update_interval)

    BABEL_IFACE->update_interval = BABEL_IFACE->hello_interval*BABEL_UPDATE_INTERVAL_FACTOR;

  BABEL_IFACE->ihu_interval = BABEL_IFACE->hello_interval*BABEL_IHU_INTERVAL_FACTOR;

    BABEL_IFACE->update_interval = MIN_(BABEL_IFACE->hello_interval*BABEL_UPDATE_INTERVAL_FACTOR, BABEL_MAX_INTERVAL);

  BABEL_IFACE->ihu_interval = MIN_(BABEL_IFACE->hello_interval*BABEL_IHU_INTERVAL_FACTOR, BABEL_MAX_INTERVAL);

};





babel_iface_item:

 | PORT expr { BABEL_IFACE->port = $2; if (($2<1) || ($2>65535)) cf_error("Invalid port number"); }

 | RXCOST expr { BABEL_IFACE->rxcost = $2; if (($2<1) || ($2>65535)) cf_error("Invalid rxcost"); }

 | HELLO INTERVAL expr { BABEL_IFACE->hello_interval = $3; if (($3<1) || ($3>65535)) cf_error("Invalid hello interval"); }

 | UPDATE INTERVAL expr { BABEL_IFACE->update_interval = $3; if (($3<1) || ($3>65535)) cf_error("Invalid hello interval"); }

 | HELLO INTERVAL expr { BABEL_IFACE->hello_interval = $3; if (($3<1) || ($3>BABEL_MAX_INTERVAL)) cf_error("Invalid hello interval"); }

 | UPDATE INTERVAL expr { BABEL_IFACE->update_interval = $3; if (($3<1) || ($3>BABEL_MAX_INTERVAL)) cf_error("Invalid update interval"); }

 | TYPE WIRED { BABEL_IFACE->type = BABEL_IFACE_TYPE_WIRED; }

 | TYPE WIRELESS { BABEL_IFACE->type = BABEL_IFACE_TYPE_WIRELESS; }

 | RX BUFFER expr { BABEL_IFACE->rx_buffer = $3; if (($3<256) || ($3>65535)) cf_error("RX buffer must be in range 256-65535"); }

CRA Git | Maintained and supported by SUSTech CRA and CCSE