more fix of memory access

client.cpp

@@ -485,6 +485,11 @@ int client_on_raw_recv(conn_info_t &conn_info) //called when raw fd received a p
 		{
 			return -1;
 		}
+		if(data_len>=max_data_len+1)
+		{
+			mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+			return -1;
+		}
 		if(!recv_info.new_src_ip.equal(send_info.new_dst_ip)||recv_info.src_port!=send_info.dst_port)
 		{
 			mylog(log_debug,"unexpected adress %s %s %d %d\n",recv_info.new_src_ip.get_str1(),send_info.new_dst_ip.get_str2(),recv_info.src_port,send_info.dst_port);

connection.cpp

@@ -416,6 +416,13 @@ int recv_bare(raw_info_t &raw_info,char* & data,int & len)//recv function with e
 		//printf("recv_raw_fail in recv bare\n");
 		return -1;
 	}
+
+	if(len>=max_data_len+1)
+	{
+		mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",len);
+		return -1;
+	}
+
 	mylog(log_trace,"data len=%d\n",len);
 	if ((raw_mode == mode_faketcp && (recv_info.syn == 1 || recv_info.ack != 1)))
 	{
@@ -615,7 +622,7 @@ int reserved_parse_safer(conn_info_t &conn_info,const char * input,int input_len
 	}
 
 
-	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;
+	if(after_recv_raw0(conn_info.raw_info)!=0) return -1;  //TODO might need to move this function to somewhere else after --fix-gro is introduced
 
 	return 0;
 }

encrypt.cpp

@@ -291,6 +291,7 @@ int padding(char *data ,int &data_len,int padding_num)
 
 int de_padding(const char *data ,int &data_len,int padding_num)
 {
+	if(data_len==0) return -1;
 	if((uint8_t)data[data_len-1]  >padding_num) return -1;
 	data_len-=(uint8_t)data[data_len-1];
 	if(data_len<0)

makefile

@@ -19,7 +19,6 @@ PCAP="-lpcap"
 MP="-DUDP2RAW_MP"
 
 
-
 NAME=udp2raw
 
 TARGETS=amd64 arm amd64_hw_aes arm_asm_aes mips24kc_be mips24kc_be_asm_aes x86 x86_asm_aes mips24kc_le mips24kc_le_asm_aes
@@ -59,7 +58,7 @@ debug: git_version
 	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -D MY_DEBUG 
 debug2: git_version
 	rm -f ${NAME}
-	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb
+	${cc_local}   -o ${NAME}          -I. ${SOURCES} ${FLAGS} -lrt -Wformat-nonliteral -ggdb -fsanitize=address
 
 #targets only for 'make release'
 

network.cpp

@@ -1441,7 +1441,7 @@ int pre_recv_raw_packet()
 		}
 	}
 
-    if(g_packet_buf_len> max_data_len+1)
+    if(g_packet_buf_len>= max_data_len+1)
     {
         if(g_fix_gro==0)
         {

pcap_wrapper.h

@@ -9,12 +9,12 @@
 
 struct bpf_program
 {
- char a[2000];
+ char a[4096];
 };
 
 struct pcap_t
 {
- char a[2000];
+ char a[4096];
 };
 
 typedef unsigned int bpf_u_int32;

server.cpp

@@ -19,7 +19,7 @@
 int server_on_timer_multi(conn_info_t &conn_info)  //for server. called when a timer is ready in epoll.for server,there will be one timer for every connection
 // there is also a global timer for server,but its not handled here
 {
-	char ip_port[40];
+	char ip_port[max_addr_len];
 	//u32_t ip=conn_info.raw_info.send_info.dst_ip;
 	//u32_t port=conn_info.raw_info.send_info.dst_port;
 
@@ -445,7 +445,7 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 	address_t addr;
 	addr.from_ip_port_new(raw_ip_version,&peek_info.new_src_ip,peek_info.src_port);
 
-	char ip_port[40];
+	char ip_port[max_addr_len];
 	addr.to_str(ip_port);
 	//sprintf(ip_port,"%s:%d",my_ntoa(ip),port);
 	mylog(log_trace,"[%s]peek_raw\n",ip_port);
@@ -460,6 +460,11 @@ int server_on_raw_recv_multi() //called when server received an raw packet
 			{
 				return 0;
 			}
+			if(data_len>=max_data_len+1)
+			{
+				mylog(log_debug,"data_len=%d >= max_data_len+1,ignored",data_len);
+				return -1;
+			}
 			if(use_tcp_dummy_socket!=0)
 				return 0;
 			raw_info_t &raw_info=tmp_raw_info;