mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-12-25 00:14:02 +00:00
ipv6 ready: Hop-by-Hop and destination option header must be checked more detailed (see patch #9455)
Hop-by-Hop, Destination option header structures consist of 2 unsigned char; next option type and header length field. And TLV(Type-Length-Value) option headers come by the number in header length field. If the option type in TLV option header is not recognized and 2 MSB is not 0, it is handled as an exception. Signed-off-by: goldsimon <goldsimon@gmx.de>
This commit is contained in:
parent
acb4b60517
commit
72171c12b5
@ -837,9 +837,18 @@ netif_found:
|
||||
default:
|
||||
goto options_done;
|
||||
}
|
||||
}
|
||||
options_done:
|
||||
|
||||
if (*nexth == IP6_NEXTH_HOPBYHOP) {
|
||||
/* Hop-by-Hop header comes only as a first option */
|
||||
icmp6_param_problem(p, ICMP6_PP_HEADER, nexth);
|
||||
LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Hop-by-Hop options header dropped (only valid as a first option)\n"));
|
||||
pbuf_free(p);
|
||||
IP6_STATS_INC(ip6.drop);
|
||||
goto ip6_input_cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
options_done:
|
||||
if (hlen_tot >= 0x8000) {
|
||||
/* s16_t overflow */
|
||||
LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: header length overflow: %"U16_F"\n", hlen_tot));
|
||||
|
Loading…
Reference in New Issue
Block a user