Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-05-20 20:44:39 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

net/udp: Validate UDP length field against actual packet size

Browse Source 
According to RFC768 page 2, length feild is the length  in octets  of this user datagram  including  this header  and the data.

Signed-off-by: gaohedong <gaohedong@xiaomi.com>
This commit is contained in:
gaohedong
2025-12-27 13:51:26 +08:00
committed by Xiang Xiao
parent 18a5ec8410
commit 5ba6d3c4eb
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/udp/udp_input.c
+11
View File
@@ -215,6 +215,7 @@ static int udp_input(FAR struct net_driver_s *dev, unsigned int iplen)
FAR struct iob_s *iob;
#endif
unsigned int udpiplen;
unsigned int udpdatalen = dev->d_len - iplen;
#ifdef CONFIG_NET_UDP_CHECKSUMS
uint16_t chksum;
#endif
@@ -232,6 +233,16 @@ static int udp_input(FAR struct net_driver_s *dev, unsigned int iplen)
udp = IPBUF(iplen);
/* Check the UDP packet length */
if (udpdatalen < UDP_HDRLEN || ntohs(udp->udplen) != udpdatalen)
{
nwarn("WARNING: UDP length invalid: hdr=%u actual=%u\n",
ntohs(udp->udplen), udpdatalen);
dev->d_len = 0;
return ret;
}
/* Get the size of the IP header and the UDP header */
udpiplen = iplen + UDP_HDRLEN;