[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-devel] Problem with LWIP_ERROR in pbuf_header(..)
From: |
Kieran Mansley |
Subject: |
Re: [lwip-devel] Problem with LWIP_ERROR in pbuf_header(..) |
Date: |
Fri, 24 Apr 2009 15:56:08 +0100 |
On Fri, 2009-04-24 at 14:36 +0200, Fredrik Hederstierna wrote:
>
> Hi
>
> We have problems with getting LWIP_ERROR() in function pbuf_header
> (..) in "pbuf.c"
>
>
> The ASSERTING pbuf.c code looks like this, line 429
>
>
> if (header_size_increment < 0){
> increment_magnitude = -header_size_increment;
> /* Check that we aren't going to move off the end of the pbuf
> */
> -------->LWIP_ERROR("increment_magnitude <= p->len",
> (increment_magnitude <= p->len), return 1;);
>
>
>
>
> We suspect that its called from UDP code in udp_input(..) line 102:
>
>
> /* Check minimum length (IP header + UDP header)
> * and move payload pointer to UDP header */
> if (p->tot_len < (IPH_HL(iphdr) * 4 + UDP_HLEN) || pbuf_header(p, -
> (s16_t)(IPH_HL(iphdr) * 4))) {
>
>
> That is if incomming UDP packet is too short, so the call to
> pbuf_header() will trig LWIP_ERROR?
> Isn't it better to just drop illegal-size packets instead of ASSERT?
> What if header and header length is corrupted?
In the case you mention, shouldn't the first clause in the if statement
"if (p->tot_len < (IPH_HL(iphdr) * 4 + UDP_HLEN)" protect us from the
assertion? I.e. if the packet is short it should do that clause, but
then not the pbuf_header() call.
Also, it's a good idea subscribe to lwip-devel to make sure you see
replies to your questions. I've CC'd you as I noticed in this case that
you're not subscribed, but I don't always realise!
Kieran
Re: [lwip-devel] Problem with LWIP_ERROR in pbuf_header(..), Fredrik Hederstierna, 2009/04/29