mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-11-19 05:10:40 +00:00
work on task #12357 (Ensure that malicious packets don't assert-fail): don't let too short IP packets assert-fail; fix that IPv6 input did not obey VLAN header offset
This commit is contained in:
parent
9004554da3
commit
c8d126f6ef
@ -1427,8 +1427,11 @@ ethernet_input(struct pbuf *p, struct netif *netif)
|
|||||||
etharp_ip_input(netif, p);
|
etharp_ip_input(netif, p);
|
||||||
#endif /* ETHARP_TRUST_IP_MAC */
|
#endif /* ETHARP_TRUST_IP_MAC */
|
||||||
/* skip Ethernet header */
|
/* skip Ethernet header */
|
||||||
if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
|
if (pbuf_header(p, (s16_t)-ip_hdr_offset)) {
|
||||||
LWIP_ASSERT("Can't move over header in packet", 0);
|
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
|
||||||
|
("ethernet_input: IPv4 packet dropped, too short (%"S16_F"/%"S16_F")\n",
|
||||||
|
p->tot_len, ip_hdr_offset));
|
||||||
|
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE, ("Can't move over header in packet"));
|
||||||
goto free_and_return;
|
goto free_and_return;
|
||||||
} else {
|
} else {
|
||||||
/* pass to IP layer */
|
/* pass to IP layer */
|
||||||
@ -1457,8 +1460,10 @@ ethernet_input(struct pbuf *p, struct netif *netif)
|
|||||||
#if LWIP_IPV6
|
#if LWIP_IPV6
|
||||||
case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */
|
case PP_HTONS(ETHTYPE_IPV6): /* IPv6 */
|
||||||
/* skip Ethernet header */
|
/* skip Ethernet header */
|
||||||
if(pbuf_header(p, -(s16_t)SIZEOF_ETH_HDR)) {
|
if(pbuf_header(p, (s16_t)-ip_hdr_offset)) {
|
||||||
LWIP_ASSERT("Can't move over header in packet", 0);
|
LWIP_DEBUGF(ETHARP_DEBUG | LWIP_DBG_TRACE | LWIP_DBG_LEVEL_WARNING,
|
||||||
|
("ethernet_input: IPv6 packet dropped, too short (%"S16_F"/%"S16_F")\n",
|
||||||
|
p->tot_len, ip_hdr_offset));
|
||||||
goto free_and_return;
|
goto free_and_return;
|
||||||
} else {
|
} else {
|
||||||
/* pass to IPv6 layer */
|
/* pass to IPv6 layer */
|
||||||
|
Loading…
Reference in New Issue
Block a user