fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-13 17:53:48 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/shared
History
Beniamino Galvani 80835f8f89 n-dhcp4: fix BPF filter endianness issue 
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".

On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).

On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.

Instead, take the two bytes containing flags and offset:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and verify that IP_MF and the offset are zero.

Fixes: e43b1791a3 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')

https://bugzilla.redhat.com/show_bug.cgi?id=1861488
https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
(cherry picked from commit 0024cef238)
2020-08-04 16:28:11 +02:00
..
c-list shared/c-list: reimport 2020-06-03 22:00:56 +02:00
c-rbtree shared/c-rbtree: reimport 2020-06-03 22:08:05 +02:00
c-siphash shared/c-siphash: reimport 2020-06-03 22:10:22 +02:00
c-stdaux shared/c-stdaux: reimport 2020-06-03 22:05:14 +02:00
n-acd shared/n-acd: reimport 2020-06-03 22:14:39 +02:00
n-dhcp4 n-dhcp4: fix BPF filter endianness issue 2020-08-04 16:28:11 +02:00
nm-glib-aux shared: assert that nm_utils_strsplit_set_full() returns non-empty strv array 2020-07-11 15:07:45 +02:00
nm-std-aux license: relicense "shared/nm-std-aux/nm-dbus-compat.h" under LGPL-2.1+ 2020-01-14 16:54:43 +01:00
nm-udev-aux shared/udev: don't use GIOChannel to watch plain file descriptor 2020-01-13 15:46:04 +01:00
nm-utils shared/tests: add nmtst_assert_variant_bytestring() helper 2020-06-11 12:00:49 +02:00
systemd tests: add nmtst_extract_first_word_all() for testing 2020-06-24 09:02:17 +02:00
meson.build all: move "shared/nm-libnm-aux" to "libnm/nm-libnm-aux" 2020-06-11 10:53:50 +02:00
nm-default.h libnm: include "nm-libnm-utils.h" by default in libnm sources 2019-10-18 22:09:18 +02:00
nm-meta-setting.c libnm-core,cli: add VRF setting 2020-01-14 09:49:01 +01:00
nm-meta-setting.h libnm-core,cli: add VRF setting 2020-01-14 09:49:01 +01:00
nm-test-libnm-utils.h tests: add include guard to "nm-test-libnm-utils.h" header 2020-05-07 13:58:10 +02:00
nm-test-utils-impl.c all: use "int/char" instead of "gint/gchar" typedefs 2020-05-08 12:56:29 +02:00
nm-version-macros.h.in release: bump version to 1.25.0 (development) 2020-04-10 18:08:10 +02:00