From c8d126f6ef6490c503d192fce5785c48f1533b3d Mon Sep 17 00:00:00 2001
From: sg <goldsimon@gmx.de>
Date: Wed, 25 Feb 2015 22:23:12 +0100
Subject: [PATCH] work on task #12357 (Ensure that malicious packets don't
 assert-fail): don't let too short IP packets assert-fail; fix that IPv6 input
 did not obey VLAN header offset

---
 src/netif/etharp.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/netif/etharp.c b/src/netif/etharp.c
index 05b2842b..44a19e2e 100644
--- a/src/netif/etharp.c
+++ b/src/netif/etharp.c
@@ -1427,8 +1427,11 @@ ethernet_input(struct pbuf *p, struct netif *netif)
       etharp_ip_input(netif, p);
 #endif /* ETHARP_TRUST_IP_MAC */
       /* skip Ethernet header */
-      if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
-        LWIP_ASSERT("Can't move over header in packet", 0);
+      if (pbuf_header(p, (s16_t)-ip_hdr_offset)) {
+        LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
+          ("ethernet_input: IPv4 packet dropped, too short (%"S16_F"/%"S16_F")\n",
+          p->tot_len, ip_hdr_offset));
+        LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE, ("Can't move over header in packet"));
         goto free_and_return;
       } else {
         /* pass to IP layer */
@@ -1457,8 +1460,10 @@ ethernet_input(struct pbuf *p, struct netif *netif)
 #if LWIP_IPV6
     case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */
       /* skip Ethernet header */
-      if(pbuf_header(p, -(s16_t)SIZEOF_ETH_HDR)) {
-        LWIP_ASSERT("Can't move over header in packet", 0);
+      if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
+        LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
+          ("ethernet_input: IPv6 packet dropped, too short (%"S16_F"/%"S16_F")\n",
+          p->tot_len, ip_hdr_offset));
         goto free_and_return;
       } else {
         /* pass to IPv6 layer */