868d6de717
- corosync exposes itself for a self-crash under rare circumstance(bsc#1078412)
Added: 0013-logging-Make-blackbox-configurable.patch
0014-logging-Close-before-and-open-blackbox-after-fork.patch
Modified: remove unncessary git commit messages
0001-coroapi-Use-size_t-for-private_data_size.patch
0002-fix-ifdown-udp.patch
0005-do-not-convert-empty-uid-gid-to-0.patch
0008-wd-fix-snprintf-warnings.patch
0010-qdevice-mv-free-str-after-port-validation.patch
0011-libcpg-Fix-issue-with-partial-big-packet-assembly.patch
0012-totemudp-u-Drop-truncated-packets-on-receive.patch
OBS-URL: https://build.opensuse.org/request/show/571270
OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=133
92 lines
2.5 KiB
Diff
92 lines
2.5 KiB
Diff
diff --git a/exec/totemudp.c b/exec/totemudp.c
|
|
index 2f36b5d9..40e99f93 100644
|
|
--- a/exec/totemudp.c
|
|
+++ b/exec/totemudp.c
|
|
@@ -452,6 +452,7 @@ static int net_deliver_fn (
|
|
struct sockaddr_storage system_from;
|
|
int bytes_received;
|
|
int res = 0;
|
|
+ int truncated_packet;
|
|
|
|
if (instance->flushing == 1) {
|
|
iovec = &instance->totemudp_iov_recv_flush;
|
|
@@ -489,6 +490,31 @@ static int net_deliver_fn (
|
|
instance->stats_recv += bytes_received;
|
|
}
|
|
|
|
+ truncated_packet = 0;
|
|
+
|
|
+#ifdef HAVE_MSGHDR_FLAGS
|
|
+ if (msg_recv.msg_flags & MSG_TRUNC) {
|
|
+ truncated_packet = 1;
|
|
+ }
|
|
+#else
|
|
+ /*
|
|
+ * We don't have MSGHDR_FLAGS, but we can (hopefully) safely make assumption that
|
|
+ * if bytes_received == FRAME_SIZE_MAX then packet is truncated
|
|
+ */
|
|
+ if (bytes_received == FRAME_SIZE_MAX) {
|
|
+ truncated_packet = 1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ if (truncated_packet) {
|
|
+ log_printf(instance->totemudp_log_level_error,
|
|
+ "Received too big message. This may be because something bad is happening"
|
|
+ "on the network (attack?), or you tried join more nodes than corosync is"
|
|
+ "compiled with (%u) or bug in the code (bad estimation of "
|
|
+ "the FRAME_SIZE_MAX). Dropping packet.", PROCESSOR_COUNT_MAX);
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
/*
|
|
* Authenticate and if authenticated, decrypt datagram
|
|
*/
|
|
diff --git a/exec/totemudpu.c b/exec/totemudpu.c
|
|
index 9e076423..569e67a0 100644
|
|
--- a/exec/totemudpu.c
|
|
+++ b/exec/totemudpu.c
|
|
@@ -446,6 +446,7 @@ static int net_deliver_fn (
|
|
struct sockaddr_storage system_from;
|
|
int bytes_received;
|
|
int res = 0;
|
|
+ int truncated_packet;
|
|
|
|
iovec = &instance->totemudpu_iov_recv;
|
|
|
|
@@ -479,6 +480,31 @@ static int net_deliver_fn (
|
|
instance->stats_recv += bytes_received;
|
|
}
|
|
|
|
+ truncated_packet = 0;
|
|
+
|
|
+#ifdef HAVE_MSGHDR_FLAGS
|
|
+ if (msg_recv.msg_flags & MSG_TRUNC) {
|
|
+ truncated_packet = 1;
|
|
+ }
|
|
+#else
|
|
+ /*
|
|
+ * We don't have MSGHDR_FLAGS, but we can (hopefully) safely make assumption that
|
|
+ * if bytes_received == FRAME_SIZE_MAX then packet is truncated
|
|
+ */
|
|
+ if (bytes_received == FRAME_SIZE_MAX) {
|
|
+ truncated_packet = 1;
|
|
+ }
|
|
+#endif
|
|
+
|
|
+ if (truncated_packet) {
|
|
+ log_printf(instance->totemudpu_log_level_error,
|
|
+ "Received too big message. This may be because something bad is happening"
|
|
+ "on the network (attack?), or you tried join more nodes than corosync is"
|
|
+ "compiled with (%u) or bug in the code (bad estimation of "
|
|
+ "the FRAME_SIZE_MAX). Dropping packet.", PROCESSOR_COUNT_MAX);
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
/*
|
|
* Authenticate and if authenticated, decrypt datagram
|
|
*/
|
|
--
|
|
2.13.6
|
|
|