16 Commits (c54714583408c5361dd6e8396b50000c8cf6844f)

Author SHA1 Message Date
Geoff Salmon 533c77115a Check that TLV length is correct when receiving TLVs.
The function, tlv_post_recv, and the functions it calls don't check
the length of the tlv before flipping the byte order of fields. An
attacker (or a really buggy client) can craft a message causing the
byte order of data outside the received message to be flipped.

None of the supported tlvs are large enough to flip bytes outside the
ptp_message struct, which could corrupt the heap. However, it's easy
to mess up the message's refcnt field, leading to memory leaks.

The fix is to check that the tlv length is what is expected when
receiving, and tlv_post_recv needs to return an int to signal when a
tlv is invalid.

Signed-off-by: Geoff Salmon <gsalmon@se-instruments.com>
2013-01-22 21:08:23 +01:00
Richard Cochran 577d34facf Provide a method to release the message cache.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-08-27 21:09:10 +02:00
Richard Cochran 226bd355af Convert the follow up info tlv to and from network byte order.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-08-10 20:31:24 +02:00
Richard Cochran 4e173932d2 Add hooks for converting TLV values to and from host byte order.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-08-01 17:16:24 +02:00
Richard Cochran 7d32a4bce7 Convert TLV type and length to host byte order on transmit.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-08-01 17:16:24 +02:00
Richard Cochran f20cf6225a Convert TLV type and length to host byte order on receive.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-08-01 17:16:23 +02:00
Richard Cochran 3d7372d529 Fix memory leak, reference counting, and list handling in message code.
The message code is horribly broken in three ways.

1. Clearing the message also sets the reference count to zero.
2. The recycling code in msg_put does not test the reference count.
3. The allocation code does not remove the message from the pool,
   although this code was never reached because of point 2.

This patch fixes the issues and also adds some debugging code to trace
the message pool statistics.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-07-07 20:18:02 +02:00
Richard Cochran ff44e305b1 Refactor the post receive method to check the length first.
This patch is in preparation for handling the suffix TLV data. We will
need to use the structure size more than once.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-06-03 19:56:56 +02:00
Richard Cochran e213ff0479 Add the peer delay messages into the message layer.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-04-02 17:20:04 +02:00
Richard Cochran 7d54d444f5 Leave some headroom in the message buffers.
This room will be used by the Layer 2 protocols.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-03-18 09:31:21 +01:00
Richard Cochran 51162c01af Warn loudly whenever event messages are missing time stamps.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-03-11 09:53:28 +01:00
Richard Cochran 50b82c200d Do not treat signaling and management messages as errors.
Instead we just ignore them for now.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-01-07 08:07:55 +01:00
Richard Cochran e2c02e49c7 Implement the master sync timer and message.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-01-07 08:07:55 +01:00
Richard Cochran 39f5b2c449 Fix delay response message format.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-01-07 08:07:54 +01:00
Richard Cochran 72703ba36a Implement the master announce timer and message.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2012-01-07 08:07:54 +01:00
Richard Cochran edcb731cc2 Add a message layer.
Note that only some of the message types are implemented.

Signed-off-by: Richard Cochran <richardcochran@gmail.com>
2011-11-06 09:02:57 +01:00