[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #22692] TCP: Header length not checked to be > 20

From: Jared Grubb
Subject: [lwip-devel] [bug #22692] TCP: Header length not checked to be > 20
Date: Sat, 22 Mar 2008 14:55:23 +0000
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv: Gecko/20080118 Camino/1.6b2 (like Firefox/


                 Summary: TCP: Header length not checked to be > 20
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: jgrubb
            Submitted on: Saturday 03/22/2008 at 07:55
                Category: TCP
                Severity: 6 - Security
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 



hdrlen = TCPH_HDRLEN(tcphdr);
if(pbuf_header(p, -(hdrlen * 4))){

There should be a check to make sure that hdrlen >= 5 (ie 20 bytes). The code
currently checks whether the hdrlen given will overrun the whole packet, but
does not verify that the value is a valid TCP header length.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]