From: Lars Jeppesen
Subject: [lwip-devel] [bug #35616] Corruption of ICMP with IP fragmentation and alignment > 2
Date: Fri, 24 Feb 2012 08:51:09 +0000
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

URL:
  <http://savannah.nongnu.org/bugs/?35616>

                 Summary: Corruption of ICMP with IP fragmentation and alignment > 2
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: larsjep
            Submitted on: Fri Feb 24 08:51:08 2012
                Category: IPv4
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.0

    _______________________________________________________

Details:

Corruption of ICMP with IP fragmentation and alignment > 2

Hi,

I have discovered a problem in the IP fragmentation.
The problem occurs when I ping my target with an ICMP package that requires
IP fragmentation.

What happens is that the ICMP reply from my target is corrupted, or more
precisely, the first 2 bytes are missing.

This is what happens in the code:
(NOTE: My target requires 4 bytes alignment, MEM_ALIGNMENT=4)

1. The Ethernet package is placed in a pbuf and the payload is aligned.
2. The Ethernet header (14 bytes) is removed and the payload is now unaligned.
3. The IP header is removed and the payload is still unaligned.
4. The ICMP sends back the incoming data by using the same pbuf (which has
   an unaligned payload).
5. In ip_frag.c a new pbuf is created with pbuf_alloced_custom, but in pbuf.c,
   line 379, the new payload pointer is aligned, and therefore the new payload
   pointer points incorrectly.
6. The returned ICMP reply is incorrect.


NOTE: It seems that this problem is related to bug #34534. But the difference
is that my bug occurs when alignment is > 2.

Best regards
  Lars Jeppesen




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?35616>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
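
The pointer arithmetic behind steps 1 to 5 of the report, as an added example that is not part of the original message and is not lwIP code. `ref_pbuf`, `ref_init_aligning` and `ref_init_exact` are hypothetical stand-ins, the frame is constructed, and a 20-byte IPv4 header without options is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MEM_ALIGNMENT 4u  /* value given in the report */
#define ETH_HLEN 14u      /* Ethernet header, step 2 */
#define IP_HLEN  20u      /* assumption: IPv4 header without options */

/* Hypothetical stand-in for a pbuf that references existing memory. */
struct ref_pbuf { const uint8_t *payload; size_t len; };

/* Round an address up to the next MEM_ALIGNMENT boundary. */
static const uint8_t *align_up(const uint8_t *p) {
    uintptr_t a = (uintptr_t)p;
    return (const uint8_t *)((a + MEM_ALIGNMENT - 1u) & ~(uintptr_t)(MEM_ALIGNMENT - 1u));
}

/* Models step 5: the referenced address is aligned before it is stored. */
static void ref_init_aligning(struct ref_pbuf *p, const uint8_t *mem, size_t len) {
    p->payload = align_up(mem);
    p->len = len;
}

/* For comparison: the caller's address is stored unchanged. */
static void ref_init_exact(struct ref_pbuf *p, const uint8_t *mem, size_t len) {
    p->payload = mem;
    p->len = len;
}

/* Constructed frame: 4-byte aligned storage, byte i holds the value i. */
static uint32_t frame_words[32];

/* Walk steps 1-5; return how many leading data bytes the new pbuf skips. */
static size_t payload_shift(int aligning) {
    uint8_t *frame = (uint8_t *)frame_words;              /* step 1: aligned */
    for (size_t i = 0; i < sizeof frame_words; i++) frame[i] = (uint8_t)i;
    const uint8_t *icmp = frame + ETH_HLEN + IP_HLEN;     /* steps 2-3: offset 34, 34 % 4 == 2 */
    struct ref_pbuf p;
    if (aligning) ref_init_aligning(&p, icmp, 64);        /* step 5 */
    else          ref_init_exact(&p, icmp, 64);
    return (size_t)(p.payload - icmp);
}

int main(void) {
    printf("aligning init skips %zu byte(s)\n", payload_shift(1));
    printf("exact init skips %zu byte(s)\n", payload_shift(0));
    return 0;
}
```

With `MEM_ALIGNMENT` set to 2 the offset 34 is already aligned and the shift is zero, which matches the report's note that the problem appears only when alignment is greater than 2.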



