Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Decrease hop limit early to prevent router advertizement schenanigans.

  • Loading branch information...
commit 8dd271a9a33f57bd98c70c16ef9dacf89e6346d1 1 parent 6ad4812
Caleb James DeLisle authored
Showing with 20 additions and 8 deletions.
  1. +7 −7 net/Ducttape.c
  2. +13 −1 util/Security.c
View
14 net/Ducttape.c
@@ -571,6 +571,13 @@ static inline int core(struct Message* message, struct Ducttape_pvt* context)
{
context->ip6Header = (struct Headers_IP6Header*) message->bytes;
+ if (context->ip6Header->hopLimit == 0) {
+ Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
+ // TODO: send back an error message in response.
+ return Error_UNDELIVERABLE;
+ }
+ context->ip6Header->hopLimit--;
+
if (isForMe(message, context)) {
Message_shift(message, -Headers_IP6Header_SIZE);
@@ -609,13 +616,6 @@ static inline int core(struct Message* message, struct Ducttape_pvt* context)
}
}
- if (context->ip6Header->hopLimit == 0) {
- Log_debug(context->logger, "dropped message because hop limit has been exceeded.\n");
- // TODO: send back an error message in response.
- return Error_UNDELIVERABLE;
- }
- context->ip6Header->hopLimit--;
-
struct Node* nextHop = context->forwardTo;
context->forwardTo = NULL;
if (!nextHop) {
View
14 util/Security.c
@@ -49,13 +49,25 @@ void Security_noFiles(struct Except* eh)
#if !defined(RLIMIT_NOFILE) && defined(RLIMIT_OFILE)
#define RLIMIT_NOFILE RLIMIT_OFILE
#endif
- if (setrlimit(RLIMIT_NOFILE, &(struct rlimit){ 0, 0 })) {
+
+ #ifndef RLIMIT_INFINITY
+ #define LIM 1
+ #else
+ #define LIM 0
+ #endif
+
+ if (setrlimit(RLIMIT_NOFILE, &(struct rlimit){ LIM, LIM })) {
Except_raise(eh, -1, "Failed to set open file limit to zero [%s]", Errno_getString());
}
}
void Security_maxMemory(uint32_t max, struct Except* eh)
{
+ // RLIMIT_DATA doesn't prevent malloc() on linux.
+ // see: http://lkml.indiana.edu/hypermail/linux/kernel/0707.1/0675.html
+ #if !defined(RLIMIT_AS) && defined(RLIMIT_DATA)
+ #define RLIMIT_AS RLIMIT_DATA
+ #endif
if (setrlimit(RLIMIT_AS, &(struct rlimit){ max, max })) {
Except_raise(eh, -1, "Failed to limit available memory [%s]", Errno_getString());
}
Please sign in to comment.
Something went wrong with that request. Please try again.