[lwip-devel] [bug #38153] nd6_input() byte order issues

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #38153] nd6_input() byte order issues

From:	Zach Smith
Subject:	[lwip-devel] [bug #38153] nd6_input() byte order issues
Date:	Wed, 23 Jan 2013 20:13:25 +0000
User-agent:	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11

URL:
  <http://savannah.nongnu.org/bugs/?38153>

                 Summary: nd6_input() byte order issues
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: zsmith
            Submitted on: Wed 23 Jan 2013 08:13:24 PM GMT
                Category: IPv6
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: git head

    _______________________________________________________

Details:

nd6_input() seems to have some byte order access issues.  There are a few
header accesses that should use ntohs() or ntohl().  Here are the ones that I
found:
(attached file with these changes)

-- Line 396: --
default_router_list[i].invalidation_timer = ra_hdr->router_lifetime;
should be:
default_router_list[i].invalidation_timer = ntohs(ra_hdr->router_lifetime);


-- Line 400-405: --
if (ra_hdr->retrans_timer > 0) {
  retrans_timer = ra_hdr->retrans_timer;
}
if (ra_hdr->reachable_time > 0) {
  reachable_time = ra_hdr->reachable_time;
}
should be:
if (ntohl(ra_hdr->retrans_timer) > 0) {
  retrans_timer = ntohl(ra_hdr->retrans_timer);
}
if (ntohl(ra_hdr->reachable_time) > 0) {
  reachable_time = ntohl(ra_hdr->reachable_time);
}


-- Line 441-447: --
struct mtu_option * mtu_opt;
mtu_opt = (struct mtu_option *)buffer;
if (mtu_opt->mtu >= 1280) {
#if LWIP_ND6_ALLOW_RA_UPDATES
    inp->mtu = mtu_opt->mtu;
#endif /* LWIP_ND6_ALLOW_RA_UPDATES */
}
should be:
struct mtu_option * mtu_opt;
mtu_opt = (struct mtu_option *)buffer;
if (ntohl(mtu_opt->mtu) >= 1280) {
#if LWIP_ND6_ALLOW_RA_UPDATES
    inp->mtu = ntohl(mtu_opt->mtu);
#endif /* LWIP_ND6_ALLOW_RA_UPDATES */
}


-- Line 468: --
prefix_list[i].invalidation_timer = prefix_opt->valid_lifetime;
should be:
prefix_list[i].invalidation_timer = ntohl(prefix_opt->valid_lifetime);


-- Line 597: -- 
destination_cache[i].pmtu = icmp6hdr->data;
should be
destination_cache[i].pmtu = ntohl(icmp6hdr->data);




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 23 Jan 2013 08:13:24 PM GMT  Name: nd6.c  Size: 59kB   By: zsmith

<http://savannah.nongnu.org/bugs/download.php?file_id=27318>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?38153>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] [bug #38153] nd6_input() byte order issues, Zach Smith <=

Prev by Date: Re: [lwip-devel] Feature request: make socket errors public on a per socket basis
Next by Date: [lwip-devel] [bug #38154] netif_set_link_up()/down() and IPv6
Previous by thread: [lwip-devel] [bug #38121] error in connect() with O_NONBLOCK
Next by thread: [lwip-devel] [bug #38154] netif_set_link_up()/down() and IPv6
Index(es):
- Date
- Thread