Merge pull request #479 from LudwigOrtmann/nativenet_lenchck

Nativenet length check and cleanup
Ludwig Ortmann 2014-01-10 01:47:35 -08:00
commit 6fe1ecd1b4
3 changed files with 9 additions and 4 deletions


@ -44,7 +44,7 @@ struct nativenet_header {
struct nativenet_packet { struct nativenet_packet {
struct nativenet_header nn_header; struct nativenet_header nn_header;
unsigned char data[ETHERMTU - sizeof(struct nativenet_header)]; uint8_t data[ETHERMTU - sizeof(struct nativenet_header)];
} __attribute__((packed)); } __attribute__((packed));
union eth_frame { union eth_frame {


@ -160,7 +160,7 @@ void do_cb(int event)
} }
void _nativenet_handle_packet(radio_packet_t *packet) void _nativenet_handle_packet(radio_packet_t *packet)
{ {
radio_address_t dst_addr = packet->dst; radio_address_t dst_addr = packet->dst;
/* address filter / monitor mode */ /* address filter / monitor mode */


@ -91,8 +91,13 @@ void _native_handle_tap_input(void)
/* XXX: check overflow */ /* XXX: check overflow */
p.length = ntohs(frame.field.payload.nn_header.length); p.length = ntohs(frame.field.payload.nn_header.length);
p.data = frame.field.payload.data; p.data = frame.field.payload.data;
DEBUG("_native_handle_tap_input: received packet of length %"PRIu16" for %"PRIu16" from %"PRIu16"\n", p.length, p.dst, p.src); if (p.length > (nread - sizeof(struct nativenet_header))) {
_nativenet_handle_packet(&p); warnx("_native_handle_tap_input: packet with malicious length field received, discarding");
}
else {
DEBUG("_native_handle_tap_input: received packet of length %"PRIu16" for %"PRIu16" from %"PRIu16"\n", p.length, p.dst, p.src);
_nativenet_handle_packet(&p);
}
} }
} }
else { else {
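Review bot: The new bound in `if (p.length > (nread - sizeof(struct nativenet_header)))` is computed in unsigned arithmetic because of `sizeof`, so a frame shorter than the header makes the subtraction wrap to a very large value and an oversized `p.length` is still passed to `_nativenet_handle_packet`. `nread` is declared outside the hunk; if it counts the whole tap frame, the link-layer header that precedes `payload` should be subtracted as well, otherwise `p.length` may exceed the bytes actually received by that amount. I would check the minimum size first, e.g. `size_t hdr_len = sizeof(struct nativenet_header); /* plus the link-layer header if nread includes it */` followed by `if (nread < 0 || (size_t)nread < hdr_len || p.length > (size_t)nread - hdr_len) {`. The `/* XXX: check overflow */` comment above could then be replaced by one stating what the check guarantees to the handler. The body of `_native_handle_tap_input` starts and ends outside the hunk.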