F5/unison
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bug #1318 (Reopened) - Ipv6L3Protocol::LocalDeliver can get stuck in an infinite loop trying to decode a malformed packet

Browse Source
This commit is contained in:
Tommaso Pecorella
2013-03-14 21:21:04 +01:00
parent 218f51e7bd
commit e23676c7ab
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/internet/model/ipv6-l3-protocol.cc
View File

@@ -993,15 +993,17 @@ void Ipv6L3Protocol::LocalDeliver (Ptr<const Packet> packet, Ipv6Header const& i
uint8_t nextHeaderPosition = 0;
bool isDropped = false;
/* process hop-by-hop extension first if exists */
// check for a malformed hop-by-hop extension
// this is a common case when forging IPv6 raw packets
if (nextHeader == Ipv6Header::IPV6_EXT_HOP_BY_HOP)
{
uint8_t buf[2];
p->CopyData (buf, sizeof(buf));
nextHeader = buf[0];
nextHeaderPosition = buf[1];
NS_ASSERT_MSG (nextHeader != Ipv6Header::IPV6_EXT_HOP_BY_HOP, "Double Ipv6Header::IPV6_EXT_HOP_BY_HOP in packet, aborting");
NS_ASSERT_MSG (nextHeaderPosition != 0, "Zero-size IPv6 Option Header, aborting");
uint8_t buf;
p->CopyData (&buf, 1);
if (buf == Ipv6Header::IPV6_EXT_HOP_BY_HOP)
{
NS_LOG_WARN("Double Ipv6Header::IPV6_EXT_HOP_BY_HOP in packet, dropping packet");
return;
}
}
/* process all the extensions found and the layer 4 protocol */