From e7a422c64423c3fdb4d44235440ea8dd0ba1d9f5 Mon Sep 17 00:00:00 2001
From: Mathew Heard
Date: Tue, 29 Jun 2021 14:55:14 +1000
Subject: [PATCH] Check interval bounds for UDP probe size.
---
 src/net_packet.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/net_packet.c b/src/net_packet.c
index 25d3efb8..ac70d6be 100644
--- a/src/net_packet.c
+++ b/src/net_packet.c
@@ -1333,14 +1333,19 @@ static void try_mtu(node_t *n) {
 const length_t minmtu = MAX(n->minmtu, 512);
 const float interval = n->maxmtu - minmtu;
- /* The core of the discovery algorithm is this exponential.
- It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
- This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
- are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
- on the precise MTU as we are approaching it.
- The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
- reply per cycle so that we can make progress. */
- const length_t offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
+ length_t offset = 0;
+
+ /* powf can be underflowed if n->maxmtu is less than 512 due to the minmtu MAX bound */
+ if(interval > 0) {
+ /* The core of the discovery algorithm is this exponential.
+ It produces very large probes early in the cycle, and then it very quickly decreases the probe size.
+ This reflects the fact that in the most difficult cases, we don't get any feedback for probes that
+ are too large, and therefore we need to concentrate on small offsets so that we can quickly converge
+ on the precise MTU as we are approaching it.
+ The last probe of the cycle is always 1 byte in size - this is to make sure we'll get at least one
+ reply per cycle so that we can make progress. */
+ offset = powf(interval, multiplier * cycle_position / (probes_per_cycle - 1));
+ }
 length_t maxmtu = n->maxmtu;
 send_udp_probe_packet(n, minmtu + offset);
-- 
2.20.1
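Review bot: When `interval <= 0` the new guard leaves `offset` at 0, but `send_udp_probe_packet(n, minmtu + offset)` still sends a probe of `minmtu` bytes (at least 512), which in that case is at or above `n->maxmtu`; the guard removes the bad `powf` call without bounding the probe size that the commit subject refers to. If a probe above the recorded maximum is not intended, clamp it at the call site, for example `send_udp_probe_packet(n, MIN(minmtu + offset, n->maxmtu));` (assuming a `MIN` counterpart to `MAX` is available in this file), or skip the probe for that case. The added comment is also misleading: the failure is not an underflow in `powf` but a negative base with a fractional exponent, which yields NaN, and converting NaN to `length_t` is undefined behaviour; a comment such as `/* interval is <= 0 when n->maxmtu <= minmtu (minmtu is floored at 512); powf() on a negative base returns NaN and converting that to length_t is undefined */` states it accurately. The body of `try_mtu` starts and ends outside this hunk, so how `n->maxmtu` comes to be below 512 and what the code after the send does with it cannot be checked from here.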