1. 27 8月, 2008 2 次提交
    • G
      dccp: Silently ignore options with nonsensical lengths · 1efa6bba
      Gerrit Renker 提交于
      This updates the option-parsing code with regard to RFC 4340, 5.8:
       "[..] options with nonsensical lengths (length byte less than two or more
        than the remaining space in the options portion of the header) MUST be
        ignored, and any option space following an option with nonsensical length
        MUST likewise be ignored."
      
      Hence in the following cases erratic options will be ignored:
       1. The type byte of a multi-byte option is the last byte of the header
          options (i.e. effective option length of 1).
       2. The value of the length byte is less than the minimum 2. This has been 
          changed from previously 3: although no multi-byte option with a length
          less than 3 yet exists (cf. table 3 in 5.8), a length of 2 is valid.
          (The switch-statement in dccp_parse has further per-option length checks.)
       3. The option length exceeds the length of the remaining option space.
      Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
      1efa6bba
    • W
      dccp: Always generate a Reset in response to option errors · 33c44967
      Wei Yongjun 提交于
      RFC4340 states that if a packet is received with an option error (such as a
      Mandatory Option as the last byte of the option list), the endpoint should
      repond with a Reset.
      
      In the LISTEN and RESPOND states, the endpoint correctly reponds with Reset,
      while in the REQUEST/OPEN states, packets with option errors are just ignored.
      
      The packet sequence is as follows:
      
      Case 1:
      
        Endpoint A                           Endpoint B
        (CLOSED)                             (CLOSED)
      
                     <----------------       REQUEST
      
        RESPONSE     ----------------->      (*1)
        (with invalid option)
                     <----------------       RESET
                                             (with Reset Code 5, "Option Error")
      
        (*1) currently just ignored, no Reset is sent
      
      Case 2:
      
        Endpoint A                           Endpoint B
        (OPEN)                               (OPEN)
      
        DATA-ACK     ----------------->      (*2)
        (with invalid option)
                     <----------------       RESET
                                             (with Reset Code 5, "Option Error")
      
        (*2) currently just ignored, no Reset is sent
      
      This patch fixes the problem, by generating a Reset instead of silently
      ignoring option errors.
      Signed-off-by: NWei Yongjun <yjwei@cn.fujitsu.com>
      Acked-by: NArnaldo Carvalho de Melo <acme@redhat.com>
      Acked-by: NGerrit Renker <gerrit@erg.abdn.ac.uk>
      33c44967
  2. 23 8月, 2008 38 次提交