git: c63d587365eb - stable/14 - tcp over udp: don't copy more bytes than available

From: Michael Tuexen <tuexen_at_FreeBSD.org>
Date: Fri, 31 Oct 2025 19:09:45 UTC
The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=c63d587365eb1bb434e223ce011a5704be540bff

commit c63d587365eb1bb434e223ce011a5704be540bff
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-23 07:24:09 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-31 14:09:14 +0000

    tcp over udp: don't copy more bytes than available
    
    When copying the data in the first mbuf to get rid of the UDP
    header, use the correct length. It was copying too much (8 bytes,
    the length of the UDP header).
    This only applies to handling TCP over UDP packets. The support for
    TCP over UDP is disabled by default.
    
    Reported by:            jtl
    Reviewed by:            Peter Lei
    Sponsored by:           Netflix, Inc.
    
    (cherry picked from commit bfda98a42027417b2fa74738c63327532013e93b)
---
 sys/netinet/tcp_subr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 6829d2a743f2..81b378f496c9 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -654,7 +654,7 @@ tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp,
 		}
 	}
 	m->m_pkthdr.tcp_tun_port = port = uh->uh_sport;
-	bcopy(th, uh, m->m_len - off);
+	bcopy(th, uh, m->m_len - off - sizeof(struct udphdr));
 	m->m_len -= sizeof(struct udphdr);
 	m->m_pkthdr.len -= sizeof(struct udphdr);
 	/*
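Review bot: The new bcopy() length, m->m_len - off - sizeof(struct udphdr), depends on m->m_len being at least off + sizeof(struct udphdr), and no check for that is visible in this hunk's context. Because sizeof yields a size_t, the subtraction is carried out unsigned, so a first mbuf shorter than that would produce a very large copy length instead of a negative one. If the earlier part of tcp_recv_udp_tunneled_packet() already guarantees the bound, a KASSERT or a one-line comment directly above the bcopy() stating the invariant would make that explicit. A short comment noting that only the bytes after the UDP header are moved down over it would also help, since the same sizeof(struct udphdr) is subtracted from m->m_len again on the next line and the two adjustments are easy to confuse.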