Skip to content

Commit

Permalink
Merge pull request #859 from thvdveld/fix-recv_slice-truncation
Browse files Browse the repository at this point in the history
return RecvError::Truncated when calling recv_slice with a small buffer
  • Loading branch information
thvdveld authored Nov 27, 2023
2 parents a5da783 + 1386417 commit 9cb718e
Show file tree
Hide file tree
Showing 4 changed files with 91 additions and 26 deletions.
54 changes: 50 additions & 4 deletions src/socket/icmp.rs
Original file line number Diff line number Diff line change
Expand Up @@ -61,12 +61,14 @@ impl std::error::Error for SendError {}
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum RecvError {
Exhausted,
Truncated,
}

impl core::fmt::Display for RecvError {
fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
match self {
RecvError::Exhausted => write!(f, "exhausted"),
RecvError::Truncated => write!(f, "truncated"),
}
}
}
Expand Down Expand Up @@ -130,8 +132,8 @@ impl<'a> Socket<'a> {
/// Create an ICMP socket with the given buffers.
pub fn new(rx_buffer: PacketBuffer<'a>, tx_buffer: PacketBuffer<'a>) -> Socket<'a> {
Socket {
rx_buffer: rx_buffer,
tx_buffer: tx_buffer,
rx_buffer,
tx_buffer,
endpoint: Default::default(),
hop_limit: None,
#[cfg(feature = "async")]
Expand Down Expand Up @@ -394,9 +396,17 @@ impl<'a> Socket<'a> {
/// Dequeue a packet received from a remote endpoint, copy the payload into the given slice,
/// and return the amount of octets copied as well as the `IpAddress`
///
/// **Note**: when the size of the provided buffer is smaller than the size of the payload,
/// the packet is dropped and a `RecvError::Truncated` error is returned.
///
/// See also [recv](#method.recv).
pub fn recv_slice(&mut self, data: &mut [u8]) -> Result<(usize, IpAddress), RecvError> {
let (buffer, endpoint) = self.recv()?;

if data.len() < buffer.len() {
return Err(RecvError::Truncated);
}

let length = cmp::min(data.len(), buffer.len());
data[..length].copy_from_slice(&buffer[..length]);
Ok((length, endpoint))
Expand Down Expand Up @@ -555,7 +565,7 @@ impl<'a> Socket<'a> {
dst_addr,
next_header: IpProtocol::Icmp,
payload_len: repr.buffer_len(),
hop_limit: hop_limit,
hop_limit,
});
emit(cx, (ip_repr, IcmpRepr::Ipv4(repr)))
}
Expand Down Expand Up @@ -592,7 +602,7 @@ impl<'a> Socket<'a> {
dst_addr,
next_header: IpProtocol::Icmpv6,
payload_len: repr.buffer_len(),
hop_limit: hop_limit,
hop_limit,
});
emit(cx, (ip_repr, IcmpRepr::Ipv6(repr)))
}
Expand Down Expand Up @@ -1096,6 +1106,42 @@ mod test_ipv6 {
assert!(!socket.can_recv());
}

#[rstest]
#[case::ethernet(Medium::Ethernet)]
#[cfg(feature = "medium-ethernet")]
fn test_truncated_recv_slice(#[case] medium: Medium) {
let (mut iface, _, _) = setup(medium);
let cx = iface.context();

let mut socket = socket(buffer(1), buffer(1));
assert_eq!(socket.bind(Endpoint::Ident(0x1234)), Ok(()));

let checksum = ChecksumCapabilities::default();

let mut bytes = [0xff; 24];
let mut packet = Icmpv6Packet::new_unchecked(&mut bytes[..]);
ECHOV6_REPR.emit(
&LOCAL_IPV6.into(),
&REMOTE_IPV6.into(),
&mut packet,
&checksum,
);

assert!(socket.accepts(cx, &REMOTE_IPV6_REPR, &ECHOV6_REPR.into()));
socket.process(cx, &REMOTE_IPV6_REPR, &ECHOV6_REPR.into());
assert!(socket.can_recv());

assert!(socket.accepts(cx, &REMOTE_IPV6_REPR, &ECHOV6_REPR.into()));
socket.process(cx, &REMOTE_IPV6_REPR, &ECHOV6_REPR.into());

let mut buffer = [0u8; 1];
assert_eq!(
socket.recv_slice(&mut buffer[..]),
Err(RecvError::Truncated)
);
assert!(!socket.can_recv());
}

#[rstest]
#[case::ethernet(Medium::Ethernet)]
#[cfg(feature = "medium-ethernet")]
Expand Down
25 changes: 19 additions & 6 deletions src/socket/raw.rs
Original file line number Diff line number Diff line change
Expand Up @@ -57,12 +57,14 @@ impl std::error::Error for SendError {}
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum RecvError {
Exhausted,
Truncated,
}

impl core::fmt::Display for RecvError {
fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
match self {
RecvError::Exhausted => write!(f, "exhausted"),
RecvError::Truncated => write!(f, "truncated"),
}
}
}
Expand Down Expand Up @@ -273,9 +275,16 @@ impl<'a> Socket<'a> {

/// Dequeue a packet, and copy the payload into the given slice.
///
/// **Note**: when the size of the provided buffer is smaller than the size of the payload,
/// the packet is dropped and a `RecvError::Truncated` error is returned.
///
/// See also [recv](#method.recv).
pub fn recv_slice(&mut self, data: &mut [u8]) -> Result<usize, RecvError> {
let buffer = self.recv()?;
if data.len() < buffer.len() {
return Err(RecvError::Truncated);
}

let length = min(data.len(), buffer.len());
data[..length].copy_from_slice(&buffer[..length]);
Ok(length)
Expand Down Expand Up @@ -303,9 +312,16 @@ impl<'a> Socket<'a> {
/// and return the amount of octets copied without removing the packet from the receive buffer.
/// This function otherwise behaves identically to [recv_slice](#method.recv_slice).
///
/// **Note**: when the size of the provided buffer is smaller than the size of the payload,
/// no data is copied into the provided buffer and a `RecvError::Truncated` error is returned.
///
/// See also [peek](#method.peek).
pub fn peek_slice(&mut self, data: &mut [u8]) -> Result<usize, RecvError> {
let buffer = self.peek()?;
if data.len() < buffer.len() {
return Err(RecvError::Truncated);
}

let length = min(data.len(), buffer.len());
data[..length].copy_from_slice(&buffer[..length]);
Ok(length)
Expand Down Expand Up @@ -602,8 +618,7 @@ mod test {
socket.process(&mut cx, &$hdr, &$payload);

let mut slice = [0; 4];
assert_eq!(socket.recv_slice(&mut slice[..]), Ok(4));
assert_eq!(&slice, &$packet[..slice.len()]);
assert_eq!(socket.recv_slice(&mut slice[..]), Err(RecvError::Truncated));
}

#[rstest]
Expand Down Expand Up @@ -641,10 +656,8 @@ mod test {
socket.process(&mut cx, &$hdr, &$payload);

let mut slice = [0; 4];
assert_eq!(socket.peek_slice(&mut slice[..]), Ok(4));
assert_eq!(&slice, &$packet[..slice.len()]);
assert_eq!(socket.recv_slice(&mut slice[..]), Ok(4));
assert_eq!(&slice, &$packet[..slice.len()]);
assert_eq!(socket.peek_slice(&mut slice[..]), Err(RecvError::Truncated));
assert_eq!(socket.recv_slice(&mut slice[..]), Err(RecvError::Truncated));
assert_eq!(socket.peek_slice(&mut slice[..]), Err(RecvError::Exhausted));
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/socket/tcp.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1331,7 +1331,7 @@ impl<'a> Socket<'a> {
// Rate-limit to 1 per second max.
self.challenge_ack_timer = cx.now() + Duration::from_secs(1);

return Some(self.ack_reply(ip_repr, repr));
Some(self.ack_reply(ip_repr, repr))
}

pub(crate) fn accepts(&self, _cx: &mut Context, ip_repr: &IpRepr, repr: &TcpRepr) -> bool {
Expand Down
36 changes: 21 additions & 15 deletions src/socket/udp.rs
Original file line number Diff line number Diff line change
Expand Up @@ -88,12 +88,14 @@ impl std::error::Error for SendError {}
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum RecvError {
Exhausted,
Truncated,
}

impl core::fmt::Display for RecvError {
fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
match self {
RecvError::Exhausted => write!(f, "exhausted"),
RecvError::Truncated => write!(f, "truncated"),
}
}
}
Expand Down Expand Up @@ -393,9 +395,17 @@ impl<'a> Socket<'a> {
/// Dequeue a packet received from a remote endpoint, copy the payload into the given slice,
/// and return the amount of octets copied as well as the endpoint.
///
/// **Note**: when the size of the provided buffer is smaller than the size of the payload,
/// the packet is dropped and a `RecvError::Truncated` error is returned.
///
/// See also [recv](#method.recv).
pub fn recv_slice(&mut self, data: &mut [u8]) -> Result<(usize, UdpMetadata), RecvError> {
let (buffer, endpoint) = self.recv().map_err(|_| RecvError::Exhausted)?;

if data.len() < buffer.len() {
return Err(RecvError::Truncated);
}

let length = min(data.len(), buffer.len());
data[..length].copy_from_slice(&buffer[..length]);
Ok((length, endpoint))
Expand Down Expand Up @@ -426,9 +436,17 @@ impl<'a> Socket<'a> {
/// packet from the receive buffer.
/// This function otherwise behaves identically to [recv_slice](#method.recv_slice).
///
/// **Note**: when the size of the provided buffer is smaller than the size of the payload,
/// no data is copied into the provided buffer and a `RecvError::Truncated` error is returned.
///
/// See also [peek](#method.peek).
pub fn peek_slice(&mut self, data: &mut [u8]) -> Result<(usize, &UdpMetadata), RecvError> {
let (buffer, endpoint) = self.peek()?;

if data.len() < buffer.len() {
return Err(RecvError::Truncated);
}

let length = min(data.len(), buffer.len());
data[..length].copy_from_slice(&buffer[..length]);
Ok((length, endpoint))
Expand Down Expand Up @@ -851,11 +869,7 @@ mod test {
);

let mut slice = [0; 4];
assert_eq!(
socket.recv_slice(&mut slice[..]),
Ok((4, REMOTE_END.into()))
);
assert_eq!(&slice, b"abcd");
assert_eq!(socket.recv_slice(&mut slice[..]), Err(RecvError::Truncated));
}

#[rstest]
Expand All @@ -882,16 +896,8 @@ mod test {
);

let mut slice = [0; 4];
assert_eq!(
socket.peek_slice(&mut slice[..]),
Ok((4, &REMOTE_END.into()))
);
assert_eq!(&slice, b"abcd");
assert_eq!(
socket.recv_slice(&mut slice[..]),
Ok((4, REMOTE_END.into()))
);
assert_eq!(&slice, b"abcd");
assert_eq!(socket.peek_slice(&mut slice[..]), Err(RecvError::Truncated));
assert_eq!(socket.recv_slice(&mut slice[..]), Err(RecvError::Truncated));
assert_eq!(socket.peek_slice(&mut slice[..]), Err(RecvError::Exhausted));
}

Expand Down

0 comments on commit 9cb718e

Please sign in to comment.