work on task #12357 (Ensure that malicious packets don't assert-fail): don't let too short IP packets assert-fail; fix that IPv6 input did not obey VLAN header offset

sg 2015-02-25 22:23:12 +01:00
parent 9004554da3
commit c8d126f6ef


@ -1427,8 +1427,11 @@ ethernet_input(struct pbuf *p, struct netif *netif)
etharp_ip_input(netif, p);
#endif /* ETHARP_TRUST_IP_MAC */
/* skip Ethernet header */
if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
LWIP_ASSERT("Can't move over header in packet", 0);
if (pbuf_header(p, (s16_t)-ip_hdr_offset)) {
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
("ethernet_input: IPv4 packet dropped, too short (%"S16_F"/%"S16_F")\n",
p->tot_len, ip_hdr_offset));
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE, ("Can't move over header in packet"));
goto free_and_return;
} else {
/* pass to IP layer */
@ -1457,8 +1460,10 @@ ethernet_input(struct pbuf *p, struct netif *netif)
#if LWIP_IPV6
case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */
/* skip Ethernet header */
if(pbuf_header(p, -(s16_t)SIZEOF_ETH_HDR)) {
LWIP_ASSERT("Can't move over header in packet", 0);
if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
("ethernet_input: IPv6 packet dropped, too short (%"S16_F"/%"S16_F")\n",
p->tot_len, ip_hdr_offset));
goto free_and_return;
} else {
/* pass to IPv6 layer */
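Review bot: Both new drop paths (IPv4 and IPv6) still rely on pbuf_header() itself to detect the short packet, so whether a malformed frame can still reach an assertion depends on how pbuf_header reports a failed header move, which is not visible on this page. If it reports that through an error macro that can be configured to assert, the caller should reject the frame before calling it, e.g. `if ((p->len < ip_hdr_offset) || pbuf_header(p, (s16_t)-ip_hdr_offset)) {` in both cases. The drop message logs `p->tot_len`, while the header move is presumably bounded by the first pbuf's `len`, so logging `p->len` would be more useful when triaging dropped frames; if `tot_len` is an unsigned 16-bit field, `U16_F` is the matching format rather than `S16_F`. The second IPv4 `LWIP_DEBUGF` ("Can't move over header in packet") repeats the first, has no trailing newline, and has no IPv6 counterpart. ethernet_input's body starts and ends outside these hunks.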