ip.c: Fix bug #21846 "LwIP doesn't appear to perform any IP Source Address Filtering" reported by Tom Evans.

2024-11-04 14:29:39 +00:00 · 2007-12-30 01:09:11 +00:00 · 2007-12-30 01:09:11 +00:00 · 8d39b1a152
commit 8d39b1a152
parent 1ed34774c8
2 changed files with 27 additions and 0 deletions
--- a/4
+++ b/4
@ -19,6 +19,10 @@ HISTORY

  ++ New features:

+  2007-12-31 Frédéric Bernon, Tom Evans
+  * ip.c: Fix bug #21846 "LwIP doesn't appear to perform any IP Source Address
+    Filtering" reported by Tom Evans.
+
  2007-12-21 Frédéric Bernon, Simon Goldschmidt, Jonathan Larmour
  * tcp.h, opt.h, api.h, api_msg.h, tcp.c, tcp_in.c, api_lib.c, api_msg.c,
    sockets.c, init.c: task #7252: Implement TCP listen backlog: Warning: raw API
--- a/src/core/ipv4/ip.c
+++ b/src/core/ipv4/ip.c
@ -178,6 +178,9 @@ ip_input(struct pbuf *p, struct netif *inp)
  struct ip_hdr *iphdr;
  struct netif *netif;
  u16_t iphdrlen;
+#if LWIP_DHCP
+  int   ipsrcchecking=1;
+#endif /* LWIP_DHCP */

  IP_STATS_INC(ip.recv);
  snmp_inc_ipinreceives();
@ -193,6 +196,7 @@ ip_input(struct pbuf *p, struct netif *inp)
    snmp_inc_ipinhdrerrors();
    return ERR_OK;
  }
+
  /* obtain IP header length in number of 32-bit words */
  iphdrlen = IPH_HL(iphdr);
  /* calculate IP header length in bytes */
@ -288,10 +292,29 @@ ip_input(struct pbuf *p, struct netif *inp)
      if (ntohs(((struct udp_hdr *)((u8_t *)iphdr + iphdrlen))->dest) == DHCP_CLIENT_PORT) {
        LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: DHCP packet accepted.\n"));
        netif = inp;
+        ipsrcchecking = 0;
      }
    }
  }
 #endif /* LWIP_DHCP */
+
+  /* broadcast or multicast packet source address? Compliant with RFC 1122: 3.2.1.3 */
+#if LWIP_DHCP
+  if (ipsrcchecking)
+#endif /* LWIP_DHCP */
+  {  if ((ip_addr_isbroadcast(&(iphdr->src), inp)) ||
+         (ip_addr_ismulticast(&(iphdr->src)))) {
+      /* packet source is not valid */
+      LWIP_DEBUGF(IP_DEBUG | LWIP_DBG_TRACE | 1, ("ip_input: packet source is not valid.\n"));
+      /* free (drop) packet pbufs */
+      pbuf_free(p);
+      IP_STATS_INC(ip.drop);
+      snmp_inc_ipinaddrerrors();
+      snmp_inc_ipindiscards();
+      return ERR_OK;
+    }
+  }
+
  /* packet not for us? */
  if (netif == NULL) {
    /* packet not for us, route or discard */