diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-29 21:08:22 +0200 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-06-29 21:08:22 +0200 |
| commit | 96ad9f4f9fea1c1999aa7d46c150c3ab1134f043 (patch) | |
| tree | 281f477522ff4e9c0ca0dec0bfcae2c6473b98ce /src/receive.c | |
| parent | tools: remove double include in ipc (diff) | |
| download | wireguard-monolithic-historical-96ad9f4f9fea1c1999aa7d46c150c3ab1134f043.tar.xz wireguard-monolithic-historical-96ad9f4f9fea1c1999aa7d46c150c3ab1134f043.zip | |
receive: fix off-by-one in packet length checking
This caused certain packets to be rejected that shouldn't be rejected,
in the case of certain scatter-gather ethernet drivers doing GRO pulling
right up to the UDP bounds but not beyond. This caused certain TCP
connections to fail.
Thanks very much to Reuben for providing access to the machine to debug
this regression.
Reported-by: Reuben Martin <reuben.m@gmail.com>
Diffstat (limited to 'src/receive.c')
| -rw-r--r-- | src/receive.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/receive.c b/src/receive.c index 492a62f..3ce472b 100644 --- a/src/receive.c +++ b/src/receive.c @@ -35,7 +35,7 @@ static inline int skb_prepare_header(struct sk_buff *skb, struct wireguard_devic struct udphdr *udp; size_t data_offset, data_len; enum message_type message_type; - if (unlikely(skb_examine_untrusted_ip_hdr(skb) != skb->protocol || skb_transport_header(skb) < skb->head || (skb_transport_header(skb) + sizeof(struct udphdr)) >= skb_tail_pointer(skb))) + if (unlikely(skb_examine_untrusted_ip_hdr(skb) != skb->protocol || skb_transport_header(skb) < skb->head || (skb_transport_header(skb) + sizeof(struct udphdr)) > skb_tail_pointer(skb))) return -EINVAL; /* Bogus IP header */ udp = udp_hdr(skb); data_offset = (u8 *)udp - skb->data; |