
[lwip-devel] [bug #35151] DHCP asserts on incoming option lengths


From: Erik Ekman
Subject: [lwip-devel] [bug #35151] DHCP asserts on incoming option lengths
Date: Thu, 22 Dec 2011 12:01:57 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2

URL:
  <http://savannah.nongnu.org/bugs/?35151>

                 Summary: DHCP asserts on incoming option lengths
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: yarrick
            Submitted on: Thu 22 Dec 2011 12:01:56 PM GMT
                Category: None
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.4.0

    _______________________________________________________

Details:

In dhcp_parse_reply() when parsing DHCP options the option lengths are checked
with LWIP_ASSERT(). When asserts are enabled this means that someone can
remotely hang the system running lwIP just by inserting bad DHCP packets.

The packet should just be dropped if any of the DHCP options have incorrect
length.

This is present in 1.4.0 but also in the latest git.




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?35151>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
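The handling the report asks for, as an added example that is not part of the original message and is not lwIP's code: a DHCP option walker that returns an error so the caller can drop the packet when a length is wrong, instead of asserting. The function name, the struct and the choice to require an END option are assumptions of this sketch; the option codes and fixed lengths are those of RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>

/* Option codes and fixed lengths as defined in RFC 2132. */
enum { OPT_PAD = 0, OPT_LEASE_TIME = 51, OPT_MSG_TYPE = 53,
       OPT_SERVER_ID = 54, OPT_END = 255 };

/* Hypothetical result struct for this example (not an lwIP type). */
struct dhcp_opts { uint8_t msg_type; uint32_t lease_time; uint32_t server_id; };

static uint32_t rd_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 if the options parsed cleanly, -1 if the packet must be dropped.
 * Every length comes from the network, so a bad one is an error return. */
int parse_dhcp_options(const uint8_t *buf, size_t n, struct dhcp_opts *out)
{
    size_t i = 0;
    while (i < n) {
        uint8_t code = buf[i++];
        if (code == OPT_PAD) continue;        /* single byte, no length */
        if (code == OPT_END) return 0;
        if (i >= n) return -1;                /* length byte missing */
        uint8_t len = buf[i++];
        if (len > n - i) return -1;           /* value overruns the buffer */
        switch (code) {
        case OPT_MSG_TYPE:
            if (len != 1) return -1;
            out->msg_type = buf[i];
            break;
        case OPT_LEASE_TIME:
            if (len != 4) return -1;
            out->lease_time = rd_be32(buf + i);
            break;
        case OPT_SERVER_ID:
            if (len != 4) return -1;
            out->server_id = rd_be32(buf + i);
            break;
        default: break;                       /* unknown option: skip it */
        }
        i += len;
    }
    return -1;                                /* example policy: END required */
}
```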



