
[lwip-devel] [bug #21846] LwIP doesn't appear to perform any IP Source A


From: Tom Evans
Subject: [lwip-devel] [bug #21846] LwIP doesn't appear to perform any IP Source Address Filtering
Date: Wed, 19 Dec 2007 01:32:32 +0000
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MathPlayer 2.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

URL:
  <http://savannah.nongnu.org/bugs/?21846>

                 Summary: LwIP doesn't appear to perform any IP Source Address Filtering
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: tom_evans
            Submitted on: Wednesday 12/19/2007 at 01:32
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 

    _______________________________________________________

Details:

RFC1122 (October 1989):
ftp://ftp.rfc-editor.org/in-notes/rfc1122.txt
Section 3.2.1.3

"A host MUST silently discard an incoming datagram
containing an IP source address that is invalid by
the rules of this section.  This validation could
be done in either the IP layer or by each protocol
in the transport layer."

By "this section" above they mean Multicast or Broadcast.

I can't find anything in ip.c that performs this check. There are no apparent
checks on the source address in there, udp.c or tcp_input.c.

The test might be as simple as the following, but I haven't checked this at
all; I'm assuming the broadcast test code is appropriate:

/* Broadcast or Multicast Source address, RFC 1122: 3.2.1.3 */
if ((ip_addr_isbroadcast(&(iphdr->src), inp)) ||
    (ip_addr_ismulticast(&(iphdr->src)))) {
    /* ... debug print, free buffer, count stats, return ERR ... */
}

It should probably go in ip.c after "#endif /* LWIP_DHCP */" as I think DHCP
can use strange source addresses.







    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?21846>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
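
Added example, not part of the original report and not lwIP code: a stand-alone C version of the source-address check the report proposes, so the multicast, limited-broadcast and directed-broadcast cases can be exercised outside the stack. struct rx_if, IPV4() and the src_* function names are hypothetical, and accepting 0.0.0.0 is an assumption that follows the report's remark about DHCP source addresses.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the receiving interface (not lwIP's struct netif).
 * All addresses are IPv4 in host byte order. */
struct rx_if {
    uint32_t addr;
    uint32_t netmask;
};

#define IPV4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* 224.0.0.0/4 (class D) is multicast. */
static bool src_is_multicast(uint32_t src)
{
    return (src & 0xF0000000u) == 0xE0000000u;
}

/* Limited broadcast, or directed broadcast for the receiving subnet. */
static bool src_is_broadcast(uint32_t src, const struct rx_if *ifc)
{
    uint32_t hostmask = ~ifc->netmask;

    if (src == 0xFFFFFFFFu)
        return true;
    /* /31 and /32 links have no directed broadcast address. */
    if (hostmask <= 1u)
        return false;
    return (src & ifc->netmask) == (ifc->addr & ifc->netmask) &&
           (src & hostmask) == hostmask;
}

/* True when the datagram must be silently discarded (RFC 1122, 3.2.1.3).
 * 0.0.0.0 is not rejected: a DHCP client sends from it before it has a lease. */
bool src_addr_invalid(uint32_t src, const struct rx_if *ifc)
{
    return src_is_multicast(src) || src_is_broadcast(src, ifc);
}

int main(void)
{
    /* Constructed sample interface and source addresses. */
    struct rx_if lan = { IPV4(192, 168, 1, 10), IPV4(255, 255, 255, 0) };
    uint32_t samples[] = { IPV4(192, 168, 1, 20), IPV4(192, 168, 1, 255),
                           IPV4(255, 255, 255, 255), IPV4(224, 0, 0, 1), 0u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%08x -> %s\n", (unsigned)samples[i],
               src_addr_invalid(samples[i], &lan) ? "discard" : "accept");
    return 0;
}
```

A directed broadcast can only be recognised for the subnet the receiving interface is on; a source such as 10.0.0.255 arriving on the 192.168.1.0/24 interface passes this check because the host has no way to know the remote netmask.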




