fixed bug #40177 (System hangs when dealing with corrupted packets), implemented task #12357 (Ensure that malicious packets don't assert-fail): improved some pbuf_header calls to not assert-fail.

2026-05-31 15:04:12 +08:00 · 2015-02-25 22:58:27 +01:00
parent c8d126f6ef
commit 5984c996a8
3 changed files with 12 additions and 6 deletions
--- a/src/core/ipv4/ip4.c
+++ b/src/core/ipv4/ip4.c
@@ -352,6 +352,11 @@ ip_input(struct pbuf *p, struct netif *inp)
  /* obtain ip length in bytes */
  iphdr_len = ntohs(IPH_LEN(iphdr));

+  /* Trim pbuf. This is especially required for packets < 60 bytes. */
+  if (iphdr_len < p->tot_len) {
+    pbuf_realloc(p, iphdr_len);
+  }
+
  /* header length exceeds first pbuf length, or ip length exceeds total pbuf length? */
  if ((iphdr_hlen > p->len) || (iphdr_len > p->tot_len)) {
    if (iphdr_hlen > p->len) {
@@ -387,10 +392,6 @@ ip_input(struct pbuf *p, struct netif *inp)
  }
 #endif

-  /* Trim pbuf. This should have been done at the netif layer,
-   * but we'll do it anyway just to be sure that its done. */
-  pbuf_realloc(p, iphdr_len);
-
  /* copy IP addresses to aligned ip_addr_t */
  ip_addr_copy(*ipX_2_ip(&ip_data.current_iphdr_dest), iphdr->dest);
  ip_addr_copy(*ipX_2_ip(&ip_data.current_iphdr_src), iphdr->src);