git: bfda98a42027 - main - tcp over udp: don't copy more bytes than avaiable
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 23 Oct 2025 07:27:54 UTC
The branch main has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=bfda98a42027417b2fa74738c63327532013e93b
commit bfda98a42027417b2fa74738c63327532013e93b
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2025-10-23 07:24:09 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2025-10-23 07:24:09 +0000
tcp over udp: don't copy more bytes than avaiable
When copying the data in the first mbuf to get rid of the UDP
header, use the correct length. It was copying too much (8 bytes,
the length of the UDP header).
This only applies to handling TCP over UDP packets. The support for
TCP over UDP is disabled by default.
Reported by: jtl
Reviewed by: Peter Lei
MFC after: 3 days
Sponsored by: Netflix, Inc.
---
sys/netinet/tcp_subr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index c817c79881d6..b6f428b279b3 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -607,7 +607,7 @@ tcp_recv_udp_tunneled_packet(struct mbuf *m, int off, struct inpcb *inp,
}
}
m->m_pkthdr.tcp_tun_port = port = uh->uh_sport;
- bcopy(th, uh, m->m_len - off);
+ bcopy(th, uh, m->m_len - off - sizeof(struct udphdr));
m->m_len -= sizeof(struct udphdr);
m->m_pkthdr.len -= sizeof(struct udphdr);
/*