fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-12 05:40:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/shared
History
Beniamino Galvani 7208f594f6 n-dhcp4: fix BPF filter endianness issue 
The BPF filter takes the byte containing IP Flags and performs a
bitwise AND with "ntohs(IP_MF | IP_OFFMASK)".

On little-endian architectures the IP_MF flag (0x20) is ANDed with
0xFF3F and so the presence of the flag is correctly detected ignoring
other flags as IP_DF (0x40) or IP_RF (0x80).

On big-endian, "ntohs(IP_MF | IP_OFFMASK)" is 0x3FFF and so the filter
wrongly checks the presence of *any* flags. Therefore, a packet with
the DF flag set is dropped.

Instead, take the two bytes containing flags and offset:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

and verify that IP_MF and the offset are zero.

Fixes: e43b1791a3 ('Merge commit 'e23b3c9c3ac86b065eef002fa5c4321cc4a87df2' as 'shared/n-dhcp4'')

https://bugzilla.redhat.com/show_bug.cgi?id=1861488
https://github.com/nettools/n-dhcp4/pull/19
(cherry picked from commit 03d38e83e558802a82cb0e4847cb1f1ef75ccd16)
(cherry picked from commit 0024cef238)
(cherry picked from commit 80835f8f89)
(cherry picked from commit 4588e2e817)
2020-08-04 16:30:11 +02:00
..
c-list shared/c-list: reimport 2019-04-14 17:22:04 +02:00
c-rbtree shared/c-rbtree: reimport 2019-04-14 17:23:01 +02:00
c-siphash shared/c-siphash: reimport 2019-04-14 17:23:25 +02:00
c-stdaux shared: patch c-stdaux.h to not include <stdatomic.h> 2019-04-14 17:17:52 +02:00
n-acd n-acd: fix leaking socket handle in n_acd_socket_new() when setsockopt() fails 2019-08-02 11:26:25 +02:00
n-dhcp4 n-dhcp4: fix BPF filter endianness issue 2020-08-04 16:30:11 +02:00
nm-glib-aux all: use wrappers for g_ascii_strtoll(), g_ascii_strtoull(), g_ascii_strtod() 2020-04-02 07:45:39 +02:00
nm-libnm-core-aux all: unify format of our Copyright source code comments 2019-10-02 17:03:52 +02:00
nm-libnm-core-intern core: add and indicate NM_CAPABILITY_OVS capability on D-Bus 2019-12-24 14:37:46 +01:00
nm-std-aux all: unify format of our Copyright source code comments 2019-10-02 17:03:52 +02:00
nm-udev-aux all: manually drop code comments with file description 2019-10-01 07:50:52 +02:00
nm-utils tests: replace NMTST_SWAP() by new NM_SWAP() macro 2020-03-26 22:22:57 +01:00
systemd systemd: merge branch systemd into master 2019-11-29 13:14:05 +01:00
meson.build shared: cleanup include guard for nm-logging-fwd.h 2019-11-28 19:20:33 +01:00
nm-default.h libnm: include "nm-libnm-utils.h" by default in libnm sources 2019-10-18 22:09:18 +02:00
nm-meta-setting.c all: unify format of our Copyright source code comments 2019-10-02 17:03:52 +02:00
nm-meta-setting.h all: unify format of our Copyright source code comments 2019-10-02 17:03:52 +02:00
nm-test-libnm-utils.h tests: add nmtstc_client_new() helper 2019-11-07 11:34:36 +01:00
nm-test-utils-impl.c all: fix wrong "gs_free GError *" declarations 2019-12-16 17:45:18 +01:00
nm-version-macros.h.in version: add NM_VERSION_1_22_8/NM_AVAILABLE_IN_1_22_8 macros 2020-02-17 15:06:10 +01:00