Check whether there is enough space for the new fragment, to prevent a
buffer overflow if a fragmented packet larger than IPV4_FRAG_IOB_SIZE
(1500 bytes) is received.
Signed-off-by: Michal Kubecek <mku...@su...>
---
src/net/ipv4.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/net/ipv4.c b/src/net/ipv4.c
index 92d0684..30c1541 100644
--- a/src/net/ipv4.c
+++ b/src/net/ipv4.c
@@ -186,6 +186,14 @@ static struct io_buffer * ipv4_reassemble ( struct io_buffer * iobuf ) {
* reassembled I/O buffer
*/
iob_pull ( iobuf, sizeof ( *iphdr ) );
+ if ( iob_tailroom ( fragbuf->frag_iob ) <
+ iob_len ( iobuf ) )
+ {
+ /* Fragmented packet is too long */
+ free_fragbuf ( fragbuf );
+ free_iob ( iobuf );
+ return NULL;
+ }
memcpy ( iob_put ( fragbuf->frag_iob,
iob_len ( iobuf ) ),
iobuf->data, iob_len ( iobuf ) );
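Review bot: The new drop path in ipv4_reassemble() discards an oversized fragment chain silently, so an operator gets no sign that a peer is sending datagrams that exceed the reassembly buffer. I would add a debug line before the frees, e.g. `DBG ( "IPv4 fragment dropped: %zd bytes exceeds reassembly tailroom %zd\n", iob_len ( iobuf ), iob_tailroom ( fragbuf->frag_iob ) );`, and extend the comment to say that the whole partially reassembled datagram is discarded, not just this fragment. The definition of free_fragbuf() is outside the hunk, so please confirm that it also releases `fragbuf->frag_iob` and any pending reassembly timer; otherwise this path leaks the buffer or leaves a timer pointing at freed memory. As a style point, the opening brace on its own line differs from the `) {` form used on the function's signature line. The body of ipv4_reassemble() starts and ends outside this hunk.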
--
1.7.7