mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-11-04 23:29:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

ip.c: Integrate patch #6369" ip_input : checking before realloc".

Browse Source
This commit is contained in:
fbernon 2008-01-14 20:53:23 +00:00
parent 82ddf82866
commit 52e6922e5a
2 changed files with 25 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -19,6 +19,9 @@ HISTORY
++ New features: ++ New features:
2008-01-14 Frédéric Bernon, Marc Chaland
* ip.c: Integrate patch #6369" ip_input : checking before realloc".
2008-01-12 Frédéric Bernon 2008-01-12 Frédéric Bernon
* tcpip.h, tcpip.c, api.h, api_lib.c, api_msg.c, sockets.c: replace the field * tcpip.h, tcpip.c, api.h, api_lib.c, api_msg.c, sockets.c: replace the field
netconn::sem per netconn::op_completed like suggested for the task #7490 netconn::sem per netconn::op_completed like suggested for the task #7490

36
src/core/ipv4/ip.c
View File

@ -177,7 +177,8 @@ ip_input(struct pbuf *p, struct netif *inp)
{ {
struct ip_hdr *iphdr; struct ip_hdr *iphdr;
struct netif *netif; struct netif *netif;
u16_t iphdrlen; u16_t iphdr_hlen;
u16_t iphdr_len;
#if LWIP_DHCP #if LWIP_DHCP
int check_ip_src=1; int check_ip_src=1;
#endif /* LWIP_DHCP */ #endif /* LWIP_DHCP */
@ -198,14 +199,21 @@ ip_input(struct pbuf *p, struct netif *inp)
} }
/* obtain IP header length in number of 32-bit words */ /* obtain IP header length in number of 32-bit words */
iphdrlen = IPH_HL(iphdr); iphdr_hlen = IPH_HL(iphdr);
/* calculate IP header length in bytes */ /* calculate IP header length in bytes */
iphdrlen *= 4; iphdr_hlen *= 4;
/* obtain ip length in bytes */
iphdr_len = ntohs(IPH_LEN(iphdr));
/* header length exceeds first pbuf length? */ /* header length exceeds first pbuf length, or ip length exceeds total pbuf length? */
if (iphdrlen > p->len) { if ((iphdr_hlen > p->len) || (iphdr_len > p->tot_len)) {
LWIP_DEBUGF(IP_DEBUG | 2, ("IP header (len %"U16_F") does not fit in first pbuf (len %"U16_F"), IP packet droppped.\n", if (iphdr_hlen > p->len)
iphdrlen, p->len)); LWIP_DEBUGF(IP_DEBUG | 2, ("IP header (len %"U16_F") does not fit in first pbuf (len %"U16_F"), IP packet dropped.\n",
iphdr_hlen, p->len));
if (iphdr_len > p->tot_len)
LWIP_DEBUGF(IP_DEBUG | 2, ("IP (len %"U16_F") is longer than pbuf (len %"U16_F"), "
"IP packet dropped.\n",
iphdr_len, p->tot_len));
/* free (drop) packet pbufs */ /* free (drop) packet pbufs */
pbuf_free(p); pbuf_free(p);
IP_STATS_INC(ip.lenerr); IP_STATS_INC(ip.lenerr);
@ -216,9 +224,9 @@ ip_input(struct pbuf *p, struct netif *inp)
/* verify checksum */ /* verify checksum */
#if CHECKSUM_CHECK_IP #if CHECKSUM_CHECK_IP
if (inet_chksum(iphdr, iphdrlen) != 0) { if (inet_chksum(iphdr, iphdr_hlen) != 0) {
LWIP_DEBUGF(IP_DEBUG | 2, ("Checksum (0x%"X16_F") failed, IP packet dropped.\n", inet_chksum(iphdr, iphdrlen))); LWIP_DEBUGF(IP_DEBUG | 2, ("Checksum (0x%"X16_F") failed, IP packet dropped.\n", inet_chksum(iphdr, iphdr_hlen)));
ip_debug_print(p); ip_debug_print(p);
pbuf_free(p); pbuf_free(p);
IP_STATS_INC(ip.chkerr); IP_STATS_INC(ip.chkerr);
@ -230,7 +238,7 @@ ip_input(struct pbuf *p, struct netif *inp)
/* Trim pbuf. This should have been done at the netif layer, /* Trim pbuf. This should have been done at the netif layer,
* but we'll do it anyway just to be sure that its done. */ * but we'll do it anyway just to be sure that its done. */
pbuf_realloc(p, ntohs(IPH_LEN(iphdr))); pbuf_realloc(p, iphdr_len);
/* match packet against an interface, i.e. is this packet for us? */ /* match packet against an interface, i.e. is this packet for us? */
#if LWIP_IGMP #if LWIP_IGMP
@ -288,8 +296,8 @@ ip_input(struct pbuf *p, struct netif *inp)
/* remote port is DHCP server? */ /* remote port is DHCP server? */
if (IPH_PROTO(iphdr) == IP_PROTO_UDP) { if (IPH_PROTO(iphdr) == IP_PROTO_UDP) {
LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: UDP packet to DHCP client port %"U16_F"\n", LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: UDP packet to DHCP client port %"U16_F"\n",
ntohs(((struct udp_hdr *)((u8_t *)iphdr + iphdrlen))->dest))); ntohs(((struct udp_hdr *)((u8_t *)iphdr + iphdr_hlen))->dest)));
if (ntohs(((struct udp_hdr *)((u8_t *)iphdr + iphdrlen))->dest) == DHCP_CLIENT_PORT) { if (ntohs(((struct udp_hdr *)((u8_t *)iphdr + iphdr_hlen))->dest) == DHCP_CLIENT_PORT) {
LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: DHCP packet accepted.\n")); LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: DHCP packet accepted.\n"));
netif = inp; netif = inp;
check_ip_src = 0; check_ip_src = 0;
@ -361,9 +369,9 @@ ip_input(struct pbuf *p, struct netif *inp)
#if LWIP_IGMP #if LWIP_IGMP
/* there is an extra "router alert" option in IGMP messages which we allow for but do not police */ /* there is an extra "router alert" option in IGMP messages which we allow for but do not police */
if((iphdrlen > IP_HLEN && (IPH_PROTO(iphdr) != IP_PROTO_IGMP)) { if((iphdr_hlen > IP_HLEN && (IPH_PROTO(iphdr) != IP_PROTO_IGMP)) {
#else #else
if (iphdrlen > IP_HLEN) { if (iphdr_hlen > IP_HLEN) {
#endif /* LWIP_IGMP */ #endif /* LWIP_IGMP */
LWIP_DEBUGF(IP_DEBUG | 2, ("IP packet dropped since there were IP options (while IP_OPTIONS_ALLOWED == 0).\n")); LWIP_DEBUGF(IP_DEBUG | 2, ("IP packet dropped since there were IP options (while IP_OPTIONS_ALLOWED == 0).\n"));
pbuf_free(p); pbuf_free(p);