PERFORCE change 139160 for review

Tue Apr 1 13:35:14 PDT 2008

http://perforce.freebsd.org/chv.cgi?CH=139160

Change 139160 by andre at andre_flirtbox on 2008/04/01 20:34:28

	The order of the TCP options was changed and some assumptions of
	tcp_addoptions() no longer hold true.  Add a test for all options
	preventing overflows.

Affected files ...

.. //depot/projects/tcp_reass/netinet/tcp.h#4 edit
.. //depot/projects/tcp_reass/netinet/tcp_output.c#5 edit
.. //depot/projects/tcp_reass/netinet/tcp_var.h#10 edit

Differences ...

==== //depot/projects/tcp_reass/netinet/tcp.h#4 (text+ko) ====


==== //depot/projects/tcp_reass/netinet/tcp_output.c#5 (text+ko) ====

@@ -1279,12 +1279,16 @@
 	for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
 		if ((to->to_flags & mask) != mask)
 			continue;
+		if (optlen == TCP_MAXOLEN)
+			break;
 		switch (to->to_flags & mask) {
 		case TOF_MSS:
 			while (optlen % 4) {
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
+				continue;
 			optlen += TCPOLEN_MAXSEG;
 			*optp++ = TCPOPT_MAXSEG;
 			*optp++ = TCPOLEN_MAXSEG;
@@ -1297,6 +1301,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
+				continue;
 			optlen += TCPOLEN_WINDOW;
 			*optp++ = TCPOPT_WINDOW;
 			*optp++ = TCPOLEN_WINDOW;
@@ -1307,6 +1313,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
+				continue;
 			optlen += TCPOLEN_SACK_PERMITTED;
 			*optp++ = TCPOPT_SACK_PERMITTED;
 			*optp++ = TCPOLEN_SACK_PERMITTED;
@@ -1316,6 +1324,8 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
+			if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
+				continue;
 			optlen += TCPOLEN_TIMESTAMP;
 			*optp++ = TCPOPT_TIMESTAMP;
 			*optp++ = TCPOLEN_TIMESTAMP;
@@ -1352,7 +1362,7 @@
 				optlen += TCPOLEN_NOP;
 				*optp++ = TCPOPT_NOP;
 			}
-			if (TCP_MAXOLEN - optlen < 2 + TCPOLEN_SACK)
+			if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
 				continue;
 			optlen += TCPOLEN_SACKHDR;
 			*optp++ = TCPOPT_SACK;

==== //depot/projects/tcp_reass/netinet/tcp_var.h#10 (text+ko) ====

