From 9b273319de2aaff96ee55c64c164d694f2bd6b64 Mon Sep 17 00:00:00 2001 From: Maxime Piraux Date: Thu, 14 Jan 2021 10:19:10 +0100 Subject: [PATCH] Fixes a bug corrupting Multipath addresses --- plugins/multipath/bpf.h | 2 +- plugins/multipath/process_add_address_frame.c | 5 +++++ plugins/multipath/write_add_address_frame.c | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/multipath/bpf.h b/plugins/multipath/bpf.h index 9d9ff3d..f2b85c0 100644 --- a/plugins/multipath/bpf.h +++ b/plugins/multipath/bpf.h @@ -116,7 +116,7 @@ typedef struct { uniflow_data_t *sending_uniflows[MAX_SENDING_UNIFLOWS]; uniflow_data_t *receiving_uniflows[MAX_RECEIVING_UNIFLOWS]; addr_data_t loc_addrs[MAX_ADDRS]; - addr_data_t rem_addrs[MAX_ADDRS]; + addr_data_t rem_addrs[MAX_ADDRS_STORAGE]; // uint8_t pkt_seen_non_ack; uint64_t uniflows_sequence; diff --git a/plugins/multipath/process_add_address_frame.c b/plugins/multipath/process_add_address_frame.c index 76b43ee..23d77cd 100644 --- a/plugins/multipath/process_add_address_frame.c +++ b/plugins/multipath/process_add_address_frame.c @@ -18,6 +18,11 @@ protoop_arg_t process_add_address_frame(picoquic_cnx_t *cnx) } } + if (addr_index >= sizeof(bpfd->rem_addrs) / sizeof(addr_data_t)) { + /* No more place to store the address*/ + return 0; + } + /* Create a copy of the sockaddr for the rem_addrs array, as the frame will be freed */ bpfd->rem_addrs[addr_index].id = frame->address_id; if (frame->ip_vers == 4) { diff --git a/plugins/multipath/write_add_address_frame.c b/plugins/multipath/write_add_address_frame.c index 2dca53c..ff5b11c 100644 --- a/plugins/multipath/write_add_address_frame.c +++ b/plugins/multipath/write_add_address_frame.c @@ -64,6 +64,9 @@ protoop_arg_t write_add_address_frame(picoquic_cnx_t* cnx) if (addr_index == -1) { /* It's a new address, store it */ addr_index = bpfd->nb_loc_addrs; + if (addr_index >= sizeof(bpfd->loc_addrs) / sizeof(addr_data_t)) { + continue; /* No more place to handle it */ + } addr_id = addr_index; bpfd->loc_addrs[addr_index].id = addr_id;