[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] slirp: Don't crash on packets from 0.0.0.0/8.
|
From: |
Jan Kiszka |
|
Subject: |
Re: [Qemu-devel] [PATCH] slirp: Don't crash on packets from 0.0.0.0/8. |
|
Date: |
Mon, 12 Nov 2012 17:24:16 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12) Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666 |
On 2012-11-12 15:41, Nickolai Zeldovich wrote:
> On Mon, Nov 12, 2012 at 4:37 AM, Jan Kiszka <address@hidden> wrote:
>> On 2012-11-12 01:59, Nickolai Zeldovich wrote:
>>> LWIP can generate packets with a source of 0.0.0.0, which triggers an
>>> assertion failure in arp_table_add(). Instead of crashing, simply return
>>> to avoid adding an invalid ARP table entry.
>>
>> I would prefer to filter out such invalid packets at a different level.
>> Did you analyzed which path it takes through the stack?
>
> The particular packet that crashed qemu for me was a gratuitous ARP,
> though it looks like all three calls to arp_table_add() in arp_input()
> can trigger this.
>
> Popping up one level, I'm not sure why arp_table_add() and
> arp_table_search() need a special case for 0.0.0.0/8 in the first
> place. I couldn't find any other code that assumes the ARP table
> cannot contain 0.0.0.0/8 entries. Would anything break if the check
> for 0.0.0.0/8 was removed from arp_table_add() and arp_table_search()
> altogether?
0.0.0.0/8 are source-only, invalid as destination. So they have no place
in the ARP table.
OK, let's follow your path and filter them in arp_table_add. Just add
the missing braces and resend.
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux