From 9ad5ccd66e89778e33cd1be3cd8887ec4a03d177 Mon Sep 17 00:00:00 2001
From: Vadim Kochan <vadim4j@gmail.com>
Date: Sat, 16 Jul 2016 12:39:43 +0300
Subject: trafgen: ipv4: Do not use user-provided 'ihl' field to calculate csum

It is potentially dangerous to use the user specified IHL field for
csum calculation, as it might lead to read buffer overflows.

Instead introduce and use the len field in struct proto_hdr which is
calculated automatically after the header is built.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tk: reword commit message]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 trafgen_l3.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'trafgen_l3.c')

diff --git a/trafgen_l3.c b/trafgen_l3.c
index 012321f..ad58270 100644
--- a/trafgen_l3.c
+++ b/trafgen_l3.c
@@ -53,10 +53,8 @@ static void ipv4_packet_finish(struct proto_hdr *hdr)
 
 	if (!proto_field_is_set(hdr, IP4_CSUM)) {
 		uint16_t csum;
-		uint8_t ihl;
 
-		ihl = proto_field_get_u8(hdr, IP4_IHL);
-		csum = htons(calc_csum(&pkt->payload[hdr->pkt_offset], ihl * 4));
+		csum = htons(calc_csum(&pkt->payload[hdr->pkt_offset], hdr->len));
 		proto_field_set_u16(hdr, IP4_CSUM, bswap_16(csum));
 	}
 }
-- 
cgit v1.2.3-54-g00ecf