mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-07-07 21:38:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

ipv6 ready: Hop-by-Hop and destination option header must be checked more detailed (see patch #9455)

Browse Source 
Hop-by-Hop, Destination option header structures consist of 2 unsigned char; next option type and header length field.
And TLV(Type-Length-Value) option headers come by the number in header length field.
If the option type in TLV option header is not recognized and 2 MSB is not 0, it is handled as an exception.

Signed-off-by: goldsimon <goldsimon@gmx.de>
This commit is contained in:
Jisu Kim 2017-09-19 14:12:10 +02:00 committed by goldsimon
parent acb4b60517
commit 72171c12b5
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/core/ipv6/ip6.c
View File

@ -837,9 +837,18 @@ netif_found:
default:
goto options_done;
}
}
options_done:
if (*nexth == IP6_NEXTH_HOPBYHOP) {
/* Hop-by-Hop header comes only as a first option */
icmp6_param_problem(p, ICMP6_PP_HEADER, nexth);
LWIP_DEBUGF(IP6_DEBUG, ("ip6_input: packet with Hop-by-Hop options header dropped (only valid as a first option)\n"));
pbuf_free(p);
IP6_STATS_INC(ip6.drop);
goto ip6_input_cleanup;
}
}
options_done:
if (hlen_tot >= 0x8000) {
/* s16_t overflow */
LWIP_DEBUGF(IP6_DEBUG | LWIP_DBG_LEVEL_SERIOUS, ("ip6_input: header length overflow: %"U16_F"\n", hlen_tot));