From e8daf7c263ece6b5859dea592ff22abbb177e92b Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 26 Jul 2020 19:07:17 +0000
Subject: [PATCH] more fix of memory access
---
 client.cpp | 5 +++++
 connection.cpp | 9 ++++++++-
 makefile | 3 +--
 network.cpp | 2 +-
 pcap_wrapper.h | 4 ++--
 server.cpp | 5 +++++
 6 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/client.cpp b/client.cpp
index 3c47ead..aca71b4 100644
--- a/client.cpp
+++ b/client.cpp
@@ -485,6 +485,11 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 {
 return -1;
 }
+ if(data_len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+ return -1;
+ }
 if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)||recv_info.src_port!=send_info.dst_port)
 {
 mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);
diff --git a/connection.cpp b/connection.cpp
index 3d4fb52..aac980e 100644
--- a/connection.cpp
+++ b/connection.cpp
@@ -416,6 +416,13 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
 //printf("recv_raw_fail in recv bare\n");
 return -1;
 }
+
+ if(len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);
+ return -1;
+ }
+
 mylog(log_trace,"data len=%d\n",len);
 if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
 {
@@ -615,7 +622,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len
 }
- if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
+ if(after_recv_raw0(conn_info.raw_info)!=0) return -1; //TODO might need to move this function to somewhere else after --fix-gro is introduced
 return 0;
 }
diff --git a/makefile b/makefile
index 71d7c4e..4bccfa4 100755
--- a/makefile
+++ b/makefile
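Review bot: The `mylog` format string added in client_on_raw_recv (client.cpp), `"data_len=%d >= max_data_len+1,ignored"`, has no trailing `\n`, while the `mylog(log_debug,"unexpected adress ...")` call a few lines below it in the same hunk ends its format with `\n`, so this message will likely run into the next log entry. The identical string is added in recv_bare (connection.cpp) and in server_on_raw_recv_multi (server.cpp); all three should end in `,ignored\n"`. client_on_raw_recv starts and ends outside the hunk, so where `data_len` is produced is not visible here.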
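Review bot: The guard added in recv_bare (connection.cpp, first hunk) bounds `len` only from above, although the signature in the hunk header shows `len` is a signed `int &` that the receive call before the check fills in. If that call can ever report a negative length (it is outside the hunk, so this cannot be confirmed here), the value passes the new check and reaches the code below it; `if(len<0||len>max_data_len)` would close both ends. A short comment naming the buffer that `max_data_len` protects would also make the limit checkable at the point of use. recv_bare continues past the end of the hunk.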
@@ -19,7 +19,6 @@ PCAP="-lpcap"
 MP="-DUDP2RAW_MP"
-
 NAME=udp2raw
 TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
@@ -59,7 +58,7 @@ debug: git_version
 ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG
 debug2: git_version
 rm -f ${NAME}
- ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
+ ${cc_local} -o ${NAME} -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
 #targets only for 'make release'
diff --git a/network.cpp b/network.cpp
index 3f1156b..332cd5e 100644
--- a/network.cpp
+++ b/network.cpp
@@ -1441,7 +1441,7 @@ int pre_recv_raw_packet()
 }
 }
- if(g_packet_buf_len> max_data_len+1)
+ if(g_packet_buf_len>= max_data_len+1)
 {
 if(g_fix_gro==0)
 {
diff --git a/pcap_wrapper.h b/pcap_wrapper.h
index 355fd69..3772d6b 100644
--- a/pcap_wrapper.h
+++ b/pcap_wrapper.h
@@ -9,12 +9,12 @@
 struct bpf_program
 {
- char a[2000];
+ char a[4096];
 };
 struct pcap_t
 {
- char a[2000];
+ char a[4096];
 };
 typedef unsigned int bpf_u_int32;
diff --git a/server.cpp b/server.cpp
index 1f3158f..9ac0728 100644
--- a/server.cpp
+++ b/server.cpp
@@ -460,6 +460,11 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 {
 return 0;
 }
+ if(data_len>=max_data_len+1)
+ {
+ mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+ return -1;
+ }
 if(use_tcp_dummy_socket!=0) return 0;
 raw_info_t &raw_info=tmp_raw_info;
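Review bot: The `debug2` recipe (makefile, second hunk) now builds with `-fsanitize=address`, but nothing marks the result as an instrumented binary; an AddressSanitizer build is a diagnostic tool and should not end up deployed in place of a release binary. A comment above the target, e.g. `# debug2: AddressSanitizer build, for local debugging only`, would make that explicit. Adding `-fno-omit-frame-pointer` next to `-ggdb` may also give more reliable stack traces in the reports, depending on what `${FLAGS}` already sets, which is not visible in this hunk.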
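Review bot: The changed condition in pre_recv_raw_packet (network.cpp), `g_packet_buf_len>= max_data_len+1`, corrects the boundary by one but leaves it undocumented: nothing in the hunk says which buffer a packet of exactly `max_data_len+1` bytes would not fit into. Writing it as `if(g_packet_buf_len>max_data_len)` with a comment such as `// packets longer than max_data_len are treated as oversized` would state the rule in the form a reader checks it. The same threshold is repeated in the checks this commit adds in client.cpp, connection.cpp and server.cpp, so a single named predicate may be worth considering. The body of the `if(g_fix_gro==0)` branch lies outside the hunk.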
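Review bot: In pcap_wrapper.h the size of `struct bpf_program` and `struct pcap_t` is raised to a bare `4096` in two places, with no statement of what it has to be at least as large as. If these are stand-ins for the real libpcap structures (suggested by the names, not shown in the hunk), an undersized stand-in is itself a memory-access bug, and a larger guess only moves the limit. Suggest one named constant used by both, e.g. `const int pcap_stub_size=4096; // must be >= the real structure size, confirm against the library`, with `char a[pcap_stub_size];` in each struct.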
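Review bot: The oversize branch added in server_on_raw_recv_multi (server.cpp) returns -1, while the early exit directly above it and the `use_tcp_dummy_socket` exit directly below it both return 0. Whether the caller treats the two values differently is not visible in this hunk; if it does, an over-long packet from a remote peer takes an error path that the neighbouring rejections avoid. Either use `return 0;` here for consistency or add a comment saying why this case is reported as an error. The function starts and ends outside the hunk.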