Hesham/wintun
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

driver: allow userspace to write garbage

Browse Source 
Not discouraging userspace from skipping checking IP packets seems like
a bad thing, but they skip it anyway, so at least avoid the DoS due to
API misuse.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2021-09-16 12:06:32 +00:00
parent 7e2002283e
commit a90b308890
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
driver/wintun.c
View File

@ -509,6 +509,8 @@ TunProcessReceiveData(_Inout_ TUN_CTX *Ctx)
if (AlignedPacketSize > RingContent) if (AlignedPacketSize > RingContent)
break; break;
RingHead = TUN_RING_WRAP(RingHead + AlignedPacketSize, RingCapacity);
ULONG NblFlags; ULONG NblFlags;
USHORT NblProto; USHORT NblProto;
if (PacketSize >= 20 && Packet->Data[0] >> 4 == 4) if (PacketSize >= 20 && Packet->Data[0] >> 4 == 4)
@ -522,9 +524,8 @@ TunProcessReceiveData(_Inout_ TUN_CTX *Ctx)
NblProto = HTONS(NDIS_ETH_TYPE_IPV6); NblProto = HTONS(NDIS_ETH_TYPE_IPV6);
} }
else else
break; goto skipNbl;
RingHead = TUN_RING_WRAP(RingHead + AlignedPacketSize, RingCapacity);
VOID *PacketAddr = VOID *PacketAddr =
(UCHAR *)MmGetMdlVirtualAddress(Ctx->Device.Receive.Mdl) + (ULONG)(Packet->Data - (UCHAR *)Ring); (UCHAR *)MmGetMdlVirtualAddress(Ctx->Device.Receive.Mdl) + (ULONG)(Packet->Data - (UCHAR *)Ring);
MDL *Mdl = IoAllocateMdl(PacketAddr, PacketSize, FALSE, FALSE, NULL); MDL *Mdl = IoAllocateMdl(PacketAddr, PacketSize, FALSE, FALSE, NULL);