work on task #12357 (Ensure that malicious packets don't assert-fail): don't let too short IP packets assert-fail; fix that IPv6 input did not obey VLAN header offset

This commit is contained in:
sg 2015-02-25 22:23:12 +01:00
parent 9004554da3
commit c8d126f6ef

View File

@ -1427,8 +1427,11 @@ ethernet_input(struct pbuf *p, struct netif *netif)
etharp_ip_input(netif, p); etharp_ip_input(netif, p);
#endif /* ETHARP_TRUST_IP_MAC */ #endif /* ETHARP_TRUST_IP_MAC */
/* skip Ethernet header */ /* skip Ethernet header */
if(pbuf_header(p, (s16_t)-ip_hdr_offset)) { if (pbuf_header(p, (s16_t)-ip_hdr_offset)) {
LWIP_ASSERT("Can't move over header in packet", 0); LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
("ethernet_input: IPv4 packet dropped, too short (%"S16_F"/%"S16_F")\n",
p->tot_len, ip_hdr_offset));
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE, ("Can't move over header in packet"));
goto free_and_return; goto free_and_return;
} else { } else {
/* pass to IP layer */ /* pass to IP layer */
@ -1457,8 +1460,10 @@ ethernet_input(struct pbuf *p, struct netif *netif)
#if LWIP_IPV6 #if LWIP_IPV6
case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */ case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */
/* skip Ethernet header */ /* skip Ethernet header */
if(pbuf_header(p, -(s16_t)SIZEOF_ETH_HDR)) { if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
LWIP_ASSERT("Can't move over header in packet", 0); LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
("ethernet_input: IPv6 packet dropped, too short (%"S16_F"/%"S16_F")\n",
p->tot_len, ip_hdr_offset));
goto free_and_return; goto free_and_return;
} else { } else {
/* pass to IPv6 layer */ /* pass to IPv6 layer */