paranoid checks for bad packets in tcp layer. Close the socket if it gets a bad packet

diff --git a/common/ctdb.c b/common/ctdb.c
index 4f03fe1dff1dcbb57756872eeed2ac1dd8a98bc7..2f0c21b5ba63d0fe7ca8659ac3f9399df60fd88b 100644 (file)
--- a/common/ctdb.c
+++ b/common/ctdb.c
@@ -347,26 +347,6 @@ static void ctdb_recv_pkt(struct ctdb_context *ctdb, uint8_t *data, uint32_t len
 
        ctdb->status.node_packets_recv++;
 
-       if (length < sizeof(*hdr)) {
-               ctdb_set_error(ctdb, "Bad packet length %u\n", length);
-               return;
-       }
-       if (length != hdr->length) {
-               ctdb_set_error(ctdb, "Bad header length %u expected %u\n", 
-                              hdr->length, length);
-               return;
-       }
-
-       if (hdr->ctdb_magic != CTDB_MAGIC) {
-               ctdb_set_error(ctdb, "Non CTDB packet rejected\n");
-               return;
-       }
-
-       if (hdr->ctdb_version != CTDB_VERSION) {
-               ctdb_set_error(ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version);
-               return;
-       }
-
        /* up the counter for this source node, so we know its alive */
        if (ctdb_validate_vnn(ctdb, hdr->srcnode)) {
                /* as a special case, redirected calls don't increment the rx_cnt */

diff --git a/tcp/tcp_io.c b/tcp/tcp_io.c
index 3e267e504cdbf70da9a8f3126dae2fd9e409bc38..e90770ec73cfd80672e2c307daa9567e6868832e 100644 (file)
--- a/tcp/tcp_io.c
+++ b/tcp/tcp_io.c
@@ -34,38 +34,48 @@
 void ctdb_tcp_read_cb(uint8_t *data, size_t cnt, void *args)
 {
        struct ctdb_incoming *in = talloc_get_type(args, struct ctdb_incoming);
-       struct ctdb_req_header *hdr;
+       struct ctdb_req_header *hdr = (struct ctdb_req_header *)data;
 
        if (data == NULL) {
                /* incoming socket has died */
-               talloc_free(in);
-               return;
+               goto failed;
        }
 
        if (cnt < sizeof(*hdr)) {
-               ctdb_set_error(in->ctdb, "Bad packet length %u\n", (unsigned)cnt);
-               return;
+               DEBUG(0,(__location__ " Bad packet length %u\n", (unsigned)cnt));
+               goto failed;
        }
-       hdr = (struct ctdb_req_header *)data;
+
+       if (cnt & (CTDB_TCP_ALIGNMENT-1)) {
+               DEBUG(0,(__location__ " Length 0x%x not multiple of alignment\n", cnt));
+               goto failed;
+       }
+
+
        if (cnt != hdr->length) {
-               ctdb_set_error(in->ctdb, "Bad header length %u expected %u\n", 
-                              (unsigned)hdr->length, (unsigned)cnt);
-               return;
+               DEBUG(0,(__location__ " Bad header length %u expected %u\n", 
+                        (unsigned)hdr->length, (unsigned)cnt));
+               goto failed;
        }
 
        if (hdr->ctdb_magic != CTDB_MAGIC) {
-               ctdb_set_error(in->ctdb, "Non CTDB packet rejected\n");
-               return;
+               DEBUG(0,(__location__ " Non CTDB packet 0x%x rejected\n", 
+                        hdr->ctdb_magic));
+               goto failed;
        }
 
        if (hdr->ctdb_version != CTDB_VERSION) {
-               ctdb_set_error(in->ctdb, "Bad CTDB version 0x%x rejected\n", hdr->ctdb_version);
-               return;
+               DEBUG(0, (__location__ " Bad CTDB version 0x%x rejected\n", 
+                         hdr->ctdb_version));
+               goto failed;
        }
 
-       /* most common case - we got a whole packet in one go
-          tell the ctdb layer above that we have a packet */
+       /* tell the ctdb layer above that we have a packet */
        in->ctdb->upcalls->recv_pkt(in->ctdb, data, cnt);
+       return;
+
+failed:
+       talloc_free(in);
 }
 
 /*