[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #22692] TCP: Header length not checked to be > 20

From: Jared Grubb
Subject: [lwip-devel] [bug #22692] TCP: Header length not checked to be > 20
Date: Mon, 24 Mar 2008 15:32:39 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20080201 Firefox/

Follow-up Comment #3, bug #22692 (project lwip):

The check Frederic mentions makes sure that there is room for a TCP header in
general, but there is no explicit check that the field holding header length
is valid (hdrlen must be >= 5). If hdrlen==0, for example, then the TCP header
itself will be passed to the application/next layer as data. 

Although I can't think of a way that this could be exploited, it is an error
in functionality -- and it's easy to fix :).


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]