mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-09-13 02:05:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Try to fix issues reported by coverity

Browse Source
This commit is contained in:
goldsimon 2018-02-13 12:10:19 +01:00
parent e20e9bc3d4
commit d4047ea1d1
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/netif/ppp/pppoe.c
View File

@ -372,7 +372,7 @@ static struct pppoe_softc* pppoe_find_softc_by_hunique(u8_t *token, size_t len,
void void
pppoe_disc_input(struct netif *netif, struct pbuf *pb) pppoe_disc_input(struct netif *netif, struct pbuf *pb)
{ {
u16_t tag, len; u16_t tag, len, off;
u16_t session, plen; u16_t session, plen;
struct pppoe_softc *sc; struct pppoe_softc *sc;
#if PPP_DEBUG #if PPP_DEBUG
@ -386,7 +386,7 @@ pppoe_disc_input(struct netif *netif, struct pbuf *pb)
#endif #endif
struct pppoehdr *ph; struct pppoehdr *ph;
struct pppoetag pt; struct pppoetag pt;
int off, err; int err;
struct eth_hdr *ethhdr; struct eth_hdr *ethhdr;
/* don't do anything if there is not a single PPPoE instance */ /* don't do anything if there is not a single PPPoE instance */
@ -397,11 +397,7 @@ pppoe_disc_input(struct netif *netif, struct pbuf *pb)
pb = pbuf_coalesce(pb, PBUF_RAW); pb = pbuf_coalesce(pb, PBUF_RAW);
if (pb->len < sizeof(*ethhdr)) {
goto done;
}
ethhdr = (struct eth_hdr *)pb->payload; ethhdr = (struct eth_hdr *)pb->payload;
off = sizeof(*ethhdr);
ac_cookie = NULL; ac_cookie = NULL;
ac_cookie_len = 0; ac_cookie_len = 0;
@ -410,7 +406,8 @@ pppoe_disc_input(struct netif *netif, struct pbuf *pb)
hunique_len = 0; hunique_len = 0;
#endif #endif
session = 0; session = 0;
if (pb->len - off < (u16_t)PPPOE_HEADERLEN) { off = sizeof(struct eth_hdr) + sizeof(struct pppoehdr);
if (pb->len < off) {
PPPDEBUG(LOG_DEBUG, ("pppoe: packet too short: %d\n", pb->len)); PPPDEBUG(LOG_DEBUG, ("pppoe: packet too short: %d\n", pb->len));
goto done; goto done;
} }
@ -422,15 +419,18 @@ pppoe_disc_input(struct netif *netif, struct pbuf *pb)
} }
session = lwip_ntohs(ph->session); session = lwip_ntohs(ph->session);
plen = lwip_ntohs(ph->plen); plen = lwip_ntohs(ph->plen);
off += sizeof(*ph);
if (plen + off > pb->len) { if (plen > (pb->len - off)) {
PPPDEBUG(LOG_DEBUG, ("pppoe: packet content does not fit: data available = %d, packet size = %u\n", PPPDEBUG(LOG_DEBUG, ("pppoe: packet content does not fit: data available = %d, packet size = %u\n",
pb->len - off, plen)); pb->len - off, plen));
goto done; goto done;
} }
if(pb->tot_len == pb->len) { if(pb->tot_len == pb->len) {
pb->tot_len = pb->len = (u16_t)off + plen; /* ignore trailing garbage */ u16_t framelen = off + plen;
if (framelen < pb->len) {
/* ignore trailing garbage */
pb->tot_len = pb->len = framelen;
}
} }
tag = 0; tag = 0;
len = 0; len = 0;
@ -1044,7 +1044,12 @@ pppoe_send_padt(struct netif *outgoing_if, u_int session, const u8_t *dest)
} }
LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len); LWIP_ASSERT("pb->tot_len == pb->len", pb->tot_len == pb->len);
pbuf_add_header(pb, sizeof(struct eth_hdr)); if (pbuf_add_header(pb, sizeof(struct eth_hdr))) {
PPPDEBUG(LOG_ERR, ("pppoe: %c%c%"U16_F": pppoe_send_padt: could not allocate room for PPPoE header\n", sc->sc_ethif->name[0], sc->sc_ethif->name[1], sc->sc_ethif->num));
LINK_STATS_INC(link.lenerr);
pbuf_free(pb);
return ERR_BUF;
}
ethhdr = (struct eth_hdr *)pb->payload; ethhdr = (struct eth_hdr *)pb->payload;
ethhdr->type = PP_HTONS(ETHTYPE_PPPOEDISC); ethhdr->type = PP_HTONS(ETHTYPE_PPPOEDISC);
MEMCPY(&ethhdr->dest.addr, dest, sizeof(ethhdr->dest.addr)); MEMCPY(&ethhdr->dest.addr, dest, sizeof(ethhdr->dest.addr));