[lwip-devel] [bug #51528] Bug when parsing WND

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #51528] Bug when parsing WND_SCALE option

From:	Pascal Quantin
Subject:	[lwip-devel] [bug #51528] Bug when parsing WND_SCALE option
Date:	Fri, 21 Jul 2017 11:32:44 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0

URL:
  <http://savannah.nongnu.org/bugs/?51528>

                 Summary: Bug when parsing WND_SCALE option
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: pquantin
            Submitted on: Fri 21 Jul 2017 03:32:43 PM UTC
                Category: TCP
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: 2.0.2

    _______________________________________________________

Details:

With the current source code, when parsing the WND_SCALE, the window scaling
byte is only read if the current packet is a SYN one and not a
retransmission:

        /* If syn was received with wnd scale option,
           activate wnd scale opt, but only if this is not a retransmission
*/
        if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
          /* An WND_SCALE option with the right option length. */
          data = tcp_getoptbyte();

But the data byte should always be read, even in case of TCP retransmission.
Otherwise tcp_optidx is not incremented and it breaks the rest of the options
parsing.

The proposed patch below solves my issue:

diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
index ba879284..93a07678 100644
--- a/src/core/tcp_in.c
+++ b/src/core/tcp_in.c
@@ -1749,11 +1749,11 @@ tcp_parseopt(struct tcp_pcb *pcb)
           LWIP_DEBUGF(TCP_INPUT_DEBUG, ("tcp_parseopt: bad length\n"));
           return;
         }
+        data = tcp_getoptbyte();
         /* If syn was received with wnd scale option,
            activate wnd scale opt, but only if this is not a retransmission
*/
         if ((flags & TCP_SYN) && !(pcb->flags & TF_WND_SCALE)) {
           /* An WND_SCALE option with the right option length. */
-          data = tcp_getoptbyte();
           pcb->snd_scale = data;
           if (pcb->snd_scale > 14U) {
             pcb->snd_scale = 14U;





    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?51528>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] [bug #51528] Bug when parsing WND_SCALE option, Pascal Quantin <=
- [lwip-devel] [bug #51528] Bug when parsing WND_SCALE option, Simon Goldschmidt, 2017/07/24

Prev by Date: [lwip-devel] [bug #51525] MQTT_OUTPUT_RINGBUF_SIZE validation
Next by Date: [lwip-devel] [task #14420] Remove sys_sem_signal from inside SYS_ARCH_PROTECT crit section
Previous by thread: [lwip-devel] [bug #51525] MQTT_OUTPUT_RINGBUF_SIZE validation
Next by thread: [lwip-devel] [bug #51528] Bug when parsing WND_SCALE option
Index(es):
- Date
- Thread