TCP: parse generic stable irregular: wrong discriminator handling
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
rohc | Status tracked in Rohc-main | | |
Rohc-1.7.x | Won't Fix | Medium | Didier Barvaux |
Rohc-main | Fix Released | Medium | Didier Barvaux |
Bug Description
Hello,
in d_tcp_parse_
generic_
// An item that can change, but currently is unchanged
COMPRESSED generic_
discriminator =:= '11111111' [ 8 ];
ENFORCE(
}
Additionally I propose the following implementation for
the handling:
@@ -1315,11 +1323,13 @@ static int d_tcp_parse_
discriminator = data[0];
read++;
- if(discriminator == 0x01)
+ if(discriminator == 0xff)
{
- /* TODO: handle generic_
- rohc_decomp_
- goto error;
+ const size_t opt_load_len = persist-
+
+ opt_ctxt-
+ memcpy(
+ rohc_decomp_
}
else if(discriminator == 0x00)
{
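Review bot: in the new `discriminator == 0xff` branch, the `memcpy(` takes its length from `opt_load_len`, which comes from persisted context, and the visible lines show no check that this length fits the destination buffer or that the context already holds a stored payload for this option. Validate both before the copy and `goto error` otherwise. A one-line comment saying that the stable variant carries no bytes after the discriminator would also explain why `read` is not advanced further in this branch.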
@@ -1339,6 +1349,14 @@ static int d_tcp_parse_
read += opt_load_len;
rohc_
}
+ else
+ {
+ rohc_decomp_
+ "TCP option items: TCP generic irregular option "
+ "discriminator should be either 0x00 or 0xff, "
+ "but is %u", discriminator);
+ goto error;
+ }
}
return read;
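Review bot: the warning in the new `else` branch formats the discriminator with `%u`, so a rejected value is logged in decimal next to expected values written as 0x00 and 0xff. Using `0x%02x` would make the trace directly comparable with the values named in the message. A regression test that feeds the old 0x01 value and expects the error path would pin this behaviour.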
These are the four RoHC packets to test. I'm using the pcap from the ipv4_tcp_afl11 test.
I attached a corrected version of the pcap, because the fourth packet contains a wrong IP length (wrong 72 instead of correct 60).
With the wrong length, the CRC checksum test fails, because the decompressor computes the correct length, but
the compressor uses the wrong one to calculate, but everything was correct.
Best,
Klaus Warnke
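An added example, not part of the original report and not the library's code: a self-contained C model of the discriminator handling discussed above, where 0xff reuses the stored payload, 0x00 reads a new one, and every other value is rejected. The names `opt_ctxt`, `parse_generic_irregular` and `OPT_MAX_LOAD` are hypothetical, and it assumes the payload length is known from context, as `opt_load_len` is in the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_MAX_LOAD 38 /* assumption: 40-byte TCP option minus kind and length */

/* Hypothetical per-option context, not the library's own structure. */
struct opt_ctxt {
    uint8_t load[OPT_MAX_LOAD]; /* payload remembered from an earlier packet */
    size_t load_len;            /* payload length, fixed when the option was first seen */
};

/* Parse one item from data[0..len); copy the option payload to out and return
 * the number of compressed bytes consumed, or -1 on malformed input. */
static int parse_generic_irregular(struct opt_ctxt *ctxt, const uint8_t *data,
                                   size_t len, uint8_t *out, size_t out_max)
{
    size_t read = 1; /* the discriminator byte */

    if (len < 1 || ctxt->load_len > OPT_MAX_LOAD || ctxt->load_len > out_max)
        return -1;
    if (data[0] == 0xff) {
        /* stable: nothing follows, the payload comes from the context */
    } else if (data[0] == 0x00) {
        /* full: the payload follows; check it is really in the packet */
        if (len - read < ctxt->load_len)
            return -1;
        memcpy(ctxt->load, data + read, ctxt->load_len);
        read += ctxt->load_len;
    } else {
        return -1; /* any other value, 0x01 included, is malformed */
    }
    memcpy(out, ctxt->load, ctxt->load_len);
    return (int)read;
}

int main(void)
{
    struct opt_ctxt c = { .load = { 0xaa, 0xbb }, .load_len = 2 };
    const uint8_t stable[] = { 0xff }, legacy[] = { 0x01 }; /* constructed inputs */
    uint8_t out[OPT_MAX_LOAD];

    printf("0xff -> %d, 0x01 -> %d\n",
           parse_generic_irregular(&c, stable, sizeof stable, out, sizeof out),
           parse_generic_irregular(&c, legacy, sizeof legacy, out, sizeof out));
    return 0;
}
```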
Hello,
You're right. The discriminator value is wrong. I didn't detect it because the compressor doesn't support that encoding variant yet. Thank you for the complement of implementation :)
For the PCAP, I'm not sure I understand why you modified it. The packet was generated by a fuzzer (AFL), hence the incorrect IP checksum. The compressor shall therefore handle it with the Uncompressed profile. Using any other profile will result in CRC failures as you said.
Regards,
Didier