Re: [PATCH] grub-core/net/arp.c: trim arp packets with abnormal size.

[Vladimir 'φ-coder/phcoder' Serbinenko]

On 31.01.2014 16:35, Paulo Flabiano Smorigo wrote:
> * grub-core/net/arp.c (grub_net_arp_receive): Trim arp packets with abnormal 
> size.
> 
> GRUB uses arp request to create the arp response. If the incoming packet is
> foobared, GRUB needs to trim the arp response packet before sending it.
> 
> This is just a fix in time for 2.02. I'm planning to rewrite the arp response 
> code
> after the release.
> 
> diff --git a/ChangeLog b/ChangeLog
> index cfa9c83..10e9c3d 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,11 @@
> +2014-01-31  Paulo Flabiano Smorigo  <address@hidden>
> +
> +     * grub-core/net/arp.c (grub_net_arp_receive): Trim arp packets with
> +     abnormal size.
> +
> +     GRUB uses arp request to create the arp response. If the incoming 
> packet is
> +     foobared, GRUB needs to trim the arp response packet before sending it.
> +
>  2014-01-29  Vladimir Serbinenko  <address@hidden>
>  
>       * grub-core/disk/ahci.c: Increase timeout. Some SSDs take up to
> diff --git a/grub-core/net/arp.c b/grub-core/net/arp.c
> index d62d0cc..77581f4 100644
> --- a/grub-core/net/arp.c
> +++ b/grub-core/net/arp.c
> @@ -162,6 +162,12 @@ grub_net_arp_receive (struct grub_net_buff *nb,
>      if (grub_net_addr_cmp (&inf->address, &target_addr) == 0
>       && grub_be_to_cpu16 (arp_header->op) == ARP_REQUEST)
>        {
> +        if ((nb->tail - nb->data) > 50)
> +          {
> +            grub_dprintf ("net", "arp packet with abnormal size (%ld 
> bytes).\n",
> +                         nb->tail - nb->data);
> +            nb->tail = nb->data + 50;
> +          }
This is not right solution, I already commented on it. Instead you need
to recompute arp length from its fields.
>       grub_net_link_level_address_t target;
>       /* We've already checked that pln is either 4 or 16.  */
>       char tmp[16];
>

signature.asc
Description: OpenPGP digital signature