From d44f5fe11fcf06bac6244f09cad5c58df7a70e92 Mon Sep 17 00:00:00 2001
From: zouyonghao
Date: Fri, 25 Dec 2020 21:59:44 +0800
Subject: [PATCH] Validate ip length before using tcp header. Otherwise the tcph->doff maybe overflow which will be reported by ASan
---
 mtcp/src/tcp_in.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/mtcp/src/tcp_in.c b/mtcp/src/tcp_in.c
index 5d984a7e4..95788d801 100644
--- a/mtcp/src/tcp_in.c
+++ b/mtcp/src/tcp_in.c
@@ -1205,6 +1205,10 @@ int
 ProcessTCPPacket(mtcp_manager_t mtcp, uint32_t cur_ts,
 const int ifidx, const struct iphdr *iph, int ip_len)
 {
+ if (ip_len < (iph->ihl << 2) + sizeof(struct tcphdr)) {
+ TRACE_DBG("Invalid IP header length\n");
+ return ERROR;
+ }
 struct tcphdr* tcph = (struct tcphdr *) ((u_char *)iph + (iph->ihl << 2));
 uint8_t *payload = (uint8_t *)tcph + (tcph->doff << 2);
 int payloadlen = ip_len - (payload - (u_char *)iph);
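Review bot: The new guard only proves that a minimal 20-byte TCP header fits inside ip_len, yet the two context lines that follow still trust `tcph->doff` to derive `payload` and `payloadlen`; a doff larger than the bytes remaining leaves `payload` pointing past the datagram and `payloadlen` negative, and a doff below 5 places `payload` inside the header, which is the same out-of-bounds read the commit sets out to stop. The added comparison also mixes the signed `ip_len` with the `size_t` produced by `sizeof`, so if a caller can ever hand in a negative `ip_len` it converts to a large unsigned value and slips through — keeping the arithmetic in `int` avoids that. A second bound on `(iph->ihl << 2) + (tcph->doff << 2)`, taken after `tcph` is computed and before `payload`, closes both gaps; whether `iph->ihl` itself is validated earlier by the IP layer is not visible here, and the body of ProcessTCPPacket continues past the hunk.
```c
	/* sizeof() yields size_t; compare as int so a negative ip_len is rejected too */
	if (ip_len < (int)((iph->ihl << 2) + sizeof(struct tcphdr))) {
		TRACE_DBG("Invalid IP header length\n");
		return ERROR;
	}
	struct tcphdr* tcph = (struct tcphdr *) ((u_char *)iph + (iph->ihl << 2));
	/* doff counts 32-bit words (min 5); the full TCP header incl. options must fit in the datagram */
	if (tcph->doff < 5 || ip_len < (int)((iph->ihl << 2) + (tcph->doff << 2))) {
		TRACE_DBG("Invalid TCP header length\n");
		return ERROR;
	}
	uint8_t *payload = (uint8_t *)tcph + (tcph->doff << 2);
	/* … unchanged: payloadlen computation and rest of ProcessTCPPacket … */
```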