morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

network/ndisc: refuse too many PREF64 prefixes

Browse Source 
Follow-up for 6e8f5e4c1f.

Addresses https://github.com/systemd/systemd/pull/29009#issuecomment-1705700926.
This commit is contained in:
Yu Watanabe
2023-09-06 00:55:42 +09:00
parent fabea9c092
commit 4df16cd018
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/network/networkd-ndisc.c
View File

@@ -27,9 +27,12 @@
#define NDISC_DNSSL_MAX 64U
#define NDISC_RDNSS_MAX 64U
/* Not defined RFC, but let's set an upper limit to make not consume much memory.
/* Not defined in the RFC, but let's set an upper limit to make not consume much memory.
* This should be safe as typically there should be at most 1 portal per network. */
#define NDISC_CAPTIVE_PORTAL_MAX 64U
/* Neither defined in the RFC. Just for safety. Otherwise, malformed messages can make clients trigger OOM.
* Not sure if the threshold is high enough. Let's adjust later if not. */
#define NDISC_PREF64_MAX 64U
bool link_ipv6_accept_ra_enabled(Link *link) {
assert(link);
@@ -1051,6 +1054,11 @@ static int ndisc_router_process_pref64(Link *link, sd_ndisc_router *rt) {
return 0;
}
if (set_size(link->ndisc_pref64) >= NDISC_PREF64_MAX) {
log_link_debug(link, "Too many PREF64 records received. Only first %u records will be used.", NDISC_PREF64_MAX);
return 0;
}
new_entry = new(NDiscPREF64, 1);
if (!new_entry)
return log_oom();