diff options
author | Anand Kumar <kumaranand@vmware.com> | 2017-06-09 19:54:45 -0700 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2017-07-10 11:14:55 -0700 |
commit | b34cd6119aa1ce50d910252202e5eaa13b5fce5e (patch) | |
tree | ed06dafb654091201a809284b306f3dfa31f23f1 /datapath-windows/ovsext/IpFragment.h | |
parent | ef666482cb8ab034a2aec3cec6ae07bd7b62136b (diff) | |
download | openvswitch-b34cd6119aa1ce50d910252202e5eaa13b5fce5e.tar.gz |
datapath-windows: Add validations in fragmentation module
- Minimum valid fragment size is 400 bytes, any fragment smaller
is likely to be intentionally crafted (CVE-2000-0305).
- Validate maximum length of an Ip datagram
- Added counters to keep track of number of fragments for a given
Ip datagram.
Signed-off-by: Anand Kumar <kumaranand@vmware.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com>
Acked-by: Sairam Venugopal <vsairam@vmware.com>
Diffstat (limited to 'datapath-windows/ovsext/IpFragment.h')
-rw-r--r-- | datapath-windows/ovsext/IpFragment.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/IpFragment.h b/datapath-windows/ovsext/IpFragment.h index e650399e6..cd5b96033 100644 --- a/datapath-windows/ovsext/IpFragment.h +++ b/datapath-windows/ovsext/IpFragment.h @@ -37,6 +37,8 @@ typedef struct _OVS_IPFRAG_KEY { typedef struct _OVS_IPFRAG_ENTRY { NDIS_SPIN_LOCK lockObj; /* To access the entry. */ + BOOLEAN markedForDelete; + UINT8 numFragments; UINT16 totalLen; UINT16 recvdLen; UINT16 mru; |