check the length of IPv4 packet info control messages, add log message (#3920)

2025-04-03 20:27:35 +03:00 · 2023-07-01 12:03:00 -07:00 · 2023-07-01 12:03:00 -07:00 · fd0c9bbf9e
commit fd0c9bbf9e
parent 0662afba63
4 changed files with 66 additions and 19 deletions
--- a/sys_conn_helper_darwin.go
+++ b/sys_conn_helper_darwin.go
@ -2,7 +2,12 @@

 package quic

-import "golang.org/x/sys/unix"
+import (
+	"encoding/binary"
+	"net/netip"
+
+	"golang.org/x/sys/unix"
+)

 const (
 	msgTypeIPTOS = unix.IP_RECVTOS
@ -12,3 +17,15 @@ const (
 // ReadBatch only returns a single packet on OSX,
 // see https://godoc.org/golang.org/x/net/ipv4#PacketConn.ReadBatch.
 const batchSize = 1
+
+func parseIPv4PktInfo(body []byte) (ip netip.Addr, ifIndex uint32, ok bool) {
+	// struct in_pktinfo {
+	// 	unsigned int   ipi_ifindex;  /* Interface index */
+	// 	struct in_addr ipi_spec_dst; /* Local address */
+	// 	struct in_addr ipi_addr;     /* Header Destination address */
+	// };
+	if len(body) != 12 {
+		return netip.Addr{}, 0, false
+	}
+	return netip.AddrFrom4(*(*[4]byte)(body[8:12])), binary.LittleEndian.Uint32(body), true
+}
--- a/sys_conn_helper_freebsd.go
+++ b/sys_conn_helper_freebsd.go
@ -2,7 +2,11 @@

 package quic

-import "golang.org/x/sys/unix"
+import (
+	"net/netip"
+
+	"golang.org/x/sys/unix"
+)

 const (
 	msgTypeIPTOS = unix.IP_RECVTOS
@ -10,3 +14,13 @@ const (
 )

 const batchSize = 8
+
+func parseIPv4PktInfo(body []byte) (ip netip.Addr, _ uint32, ok bool) {
+	// struct in_pktinfo {
+	// 	struct in_addr ipi_addr;     /* Header Destination address */
+	// };
+	if len(body) != 4 {
+		return netip.Addr{}, 0, false
+	}
+	return netip.AddrFrom4(*(*[4]byte)(body)), 0, true
+}
--- a/sys_conn_helper_linux.go
+++ b/sys_conn_helper_linux.go
@ -3,6 +3,8 @@
 package quic

 import (
+	"encoding/binary"
+	"net/netip"
 	"syscall"

 	"golang.org/x/sys/unix"
@ -34,3 +36,15 @@ func forceSetSendBuffer(c syscall.RawConn, bytes int) error {
 	}
 	return serr
 }
+
+func parseIPv4PktInfo(body []byte) (ip netip.Addr, ifIndex uint32, ok bool) {
+	// struct in_pktinfo {
+	// 	unsigned int   ipi_ifindex;  /* Interface index */
+	// 	struct in_addr ipi_spec_dst; /* Local address */
+	// 	struct in_addr ipi_addr;     /* Header Destination address */
+	// };
+	if len(body) != 12 {
+		return netip.Addr{}, 0, false
+	}
+	return netip.AddrFrom4(*(*[4]byte)(body[8:12])), binary.LittleEndian.Uint32(body), true
+}
--- a/sys_conn_oob.go
+++ b/sys_conn_oob.go
@ -6,8 +6,10 @@ import (
 	"encoding/binary"
 	"errors"
 	"fmt"
+	"log"
 	"net"
 	"net/netip"
+	"sync"
 	"syscall"
 	"time"

@ -149,6 +151,8 @@ func newConn(c OOBCapablePacketConn, supportsDF bool) (*oobConn, error) {
 	return oobConn, nil
 }

+var invalidCmsgOnceV4, invalidCmsgOnceV6 sync.Once
+
 func (c *oobConn) ReadPacket() (receivedPacket, error) {
 	if len(c.messages) == int(c.readPos) { // all messages read. Read the next batch of messages.
 		c.messages = c.messages[:batchSize]
@ -189,21 +193,16 @@ func (c *oobConn) ReadPacket() (receivedPacket, error) {
 			case msgTypeIPTOS:
 				p.ecn = protocol.ECN(body[0] & ecnMask)
 			case ipv4PKTINFO:
-				// struct in_pktinfo {
-				// 	unsigned int   ipi_ifindex;  /* Interface index */
-				// 	struct in_addr ipi_spec_dst; /* Local address */
-				// 	struct in_addr ipi_addr;     /* Header Destination
-				// 									address */
-				// };
-				var ip [4]byte
-				if len(body) == 12 {
-					copy(ip[:], body[8:12])
-					p.info.ifIndex = binary.LittleEndian.Uint32(body)
-				} else if len(body) == 4 {
-					// FreeBSD
-					copy(ip[:], body)
+				ip, ifIndex, ok := parseIPv4PktInfo(body)
+				if ok {
+					p.info.addr = ip
+					p.info.ifIndex = ifIndex
+				} else {
+					invalidCmsgOnceV4.Do(func() {
+						log.Printf("Received invalid IPv4 packet info control message: %+x. "+
+							"This should never occur, please open a new issue and include details about the architecture.", body)
+					})
 				}
-				p.info.addr = netip.AddrFrom4(ip)
 			}
 		}
 		if hdr.Level == unix.IPPROTO_IPV6 {
@ -216,10 +215,13 @@ func (c *oobConn) ReadPacket() (receivedPacket, error) {
 				// 	unsigned int    ipi6_ifindex; /* send/recv interface index */
 				// };
 				if len(body) == 20 {
-					var ip [16]byte
-					copy(ip[:], body[:16])
-					p.info.addr = netip.AddrFrom16(ip)
+					p.info.addr = netip.AddrFrom16(*(*[16]byte)(body[:16]))
 					p.info.ifIndex = binary.LittleEndian.Uint32(body[16:])
+				} else {
+					invalidCmsgOnceV6.Do(func() {
+						log.Printf("Received invalid IPv6 packet info control message: %+x. "+
+							"This should never occur, please open a new issue and include details about the architecture.", body)
+					})
 				}
 			}
 		}