Validate VM ARP packets before reading addresses #175

Open
fallintoplace wants to merge 1 commit into openai:main from fallintoplace:fix/validate-vm-arp

@fallintoplace

What changed

  • route VM ARP validation through smoltcp::wire::ArpRepr::parse() before reading any address fields
  • reject malformed ARP packets, wrong hardware/protocol families, and unknown ARP operations instead of assuming IPv4-sized protocol addresses
  • add focused unit tests covering valid request/reply traffic plus malformed hardware type, protocol type, protocol length, and operation cases

Why

The VM ARP allow path used source_protocol_addr().try_into().unwrap(), so a guest could send an ARP packet with a non-IPv4 protocol address length and crash the proxy. ArpPacket::new_checked() only guarantees buffer bounds, not Ethernet/IPv4 ARP semantics.

Validation

  • cargo fmt
  • cargo test --no-run vm::tests
  • /Users/hoangvu/Code/OSS/softnet/target/debug/deps/softnet-444df5915f996909 vm::tests
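
The failure mode described under "Why", as an added example that is not code from this pull request, softnet or smoltcp: a std-only Rust sketch contrasting a bounds-only read of the sender address with a parser that checks Ethernet/IPv4 ARP semantics first. All function and type names are hypothetical, and the sample packets are constructed.

```rust
// Added illustration, std only. All names are hypothetical, not softnet's or smoltcp's.
use std::convert::TryFrom;
use std::net::Ipv4Addr;

#[derive(Debug, PartialEq)]
enum ArpError { Truncated, HardwareType, ProtocolType, HardwareLen, ProtocolLen, Operation }

fn be16(b: &[u8], at: usize) -> u16 { u16::from_be_bytes([b[at], b[at + 1]]) }

/// Bounds-only pattern (buffer length assumed already checked): slice the sender
/// address by the packet's own length fields. `.unwrap()` here panics if plen != 4.
fn sender_ip_by_declared_len(buf: &[u8]) -> Result<[u8; 4], std::array::TryFromSliceError> {
    let (hlen, plen) = (buf[4] as usize, buf[5] as usize);
    <[u8; 4]>::try_from(&buf[8 + hlen..8 + hlen + plen])
}

/// Check Ethernet/IPv4 ARP semantics first; returns (is_request, sender IP, target IP).
fn parse_ipv4_arp(buf: &[u8]) -> Result<(bool, Ipv4Addr, Ipv4Addr), ArpError> {
    if buf.len() < 8 { return Err(ArpError::Truncated); }
    if be16(buf, 0) != 1 { return Err(ArpError::HardwareType); } // 1 = Ethernet
    if be16(buf, 2) != 0x0800 { return Err(ArpError::ProtocolType); } // IPv4
    if buf[4] != 6 { return Err(ArpError::HardwareLen); }
    if buf[5] != 4 { return Err(ArpError::ProtocolLen); }
    let is_request = match be16(buf, 6) {
        1 => true,
        2 => false,
        _ => return Err(ArpError::Operation),
    };
    if buf.len() < 28 { return Err(ArpError::Truncated); }
    let ip = |at: usize| Ipv4Addr::new(buf[at], buf[at + 1], buf[at + 2], buf[at + 3]);
    Ok((is_request, ip(14), ip(24)))
}

/// Constructed sample packet; address fields are filler bytes sized by hlen/plen.
fn sample(htype: u16, ptype: u16, hlen: u8, plen: u8, oper: u16) -> Vec<u8> {
    let mut p = Vec::new();
    p.extend_from_slice(&htype.to_be_bytes());
    p.extend_from_slice(&ptype.to_be_bytes());
    p.extend_from_slice(&[hlen, plen]);
    p.extend_from_slice(&oper.to_be_bytes());
    for (fill, len) in [(0x52u8, hlen), (0xAA, plen), (0x00, hlen), (0xBB, plen)] {
        p.extend(std::iter::repeat(fill).take(len as usize));
    }
    p
}

fn main() {
    let bad = sample(1, 0x0800, 6, 16, 1); // plen 16 instead of 4
    println!("{:?} / {:?}", sender_ip_by_declared_len(&bad), parse_ipv4_arp(&bad));
}
```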
