aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

decode/tcp: Improved handling of TFO options

Browse Source 
This commit improves handling of TCP fast open options
- Option length must be in [6, 18]
- Option length must be an even value
pull/5703/head
Jeff Lucovsky 4 years ago
parent 10ea60a237
commit f8fef0dd05
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File

7
src/decode-tcp.c
Unescape Escape View File

@ -154,11 +154,8 @@ static void DecodeTCPOptions(Packet *p, const uint8_t *pkt, uint16_t pktlen)
break;
case TCP_OPT_TFO:
SCLogDebug("TFO option, len %u", olen);
if ((olen != 2) &&
(olen < TCP_OPT_TFO_MIN_LEN ||
olen > TCP_OPT_TFO_MAX_LEN ||
!((olen - 2) % 8 == 0)))
{
if ((olen != 2) && (olen < TCP_OPT_TFO_MIN_LEN || olen > TCP_OPT_TFO_MAX_LEN ||
!(((olen - 2) & 0x1) == 0))) {
ENGINE_SET_EVENT(p,TCP_OPT_INVALID_LEN);
} else {
if (p->tcpvars.tfo.type != 0) {

2
src/decode-tcp.h
Unescape Escape View File

@ -62,7 +62,7 @@
#define TCP_OPT_SACK_MIN_LEN 10 /* hdr 2, 1 pair 8 = 10 */
#define TCP_OPT_SACK_MAX_LEN 34 /* hdr 2, 4 pair 32= 34 */
#define TCP_OPT_TFO_MIN_LEN 6 /* kind, len, 6 */
#define TCP_OPT_TFO_MAX_LEN 20 /* kind, len, 18 */
#define TCP_OPT_TFO_MAX_LEN 18 /* kind, len, 18 */
/** Max valid wscale value. */
#define TCP_WSCALE_MAX 14

Write Preview
Loading…
Cancel
Save