Fixed null-deref (cppcheck) + addressed copilot comment

danielinux · danielinux · commit 1a795828491d · 2026-03-30T13:40:03.000+02:00
diff --git a/src/test/unit/unit.c b/src/test/unit/unit.c
@@ -698,6 +698,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_proto, test_icmp_input_filter_drop_receiving);
     tcase_add_test(tc_proto, test_icmp_input_dest_unreach_port_unreachable_closes_matching_tcp_socket);
     tcase_add_test(tc_proto, test_icmp_input_dest_unreach_frag_needed_reduces_tcp_peer_mss);
+    tcase_add_test(tc_proto, test_icmp_input_dest_unreach_port_unreachable_quoted_ip_options_match_tcp_socket);
     tcase_add_test(tc_proto, test_udp_sendto_and_recvfrom);
     tcase_add_test(tc_proto, test_udp_sendto_respects_mtu_api);
     tcase_add_test(tc_proto, test_udp_recvfrom_sets_remote_ip);
diff --git a/src/test/unit/unit_tests_dns_dhcp.c b/src/test/unit/unit_tests_dns_dhcp.c
@@ -2142,6 +2142,65 @@ START_TEST(test_icmp_input_dest_unreach_frag_needed_reduces_tcp_peer_mss)
 }
 END_TEST
 
+START_TEST(test_icmp_input_dest_unreach_port_unreachable_quoted_ip_options_match_tcp_socket)
+{
+    struct wolfIP s;
+    struct tsocket *ts;
+    uint8_t packet[sizeof(struct wolfIP_icmp_dest_unreachable_packet) + 4];
+    struct wolfIP_icmp_packet *icmp = (struct wolfIP_icmp_packet *)packet;
+    struct wolfIP_ip_wire *orig_ip;
+    uint8_t *orig_tcp;
+    uint16_t port;
+    uint32_t icmp_body_len;
+    uint32_t frame_len;
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
+
+    ts = &s.tcpsockets[0];
+    memset(ts, 0, sizeof(*ts));
+    ts->proto = WI_IPPROTO_TCP;
+    ts->S = &s;
+    ts->sock.tcp.state = TCP_ESTABLISHED;
+    ts->local_ip = 0x0A000001U;
+    ts->remote_ip = 0x0A000002U;
+    ts->src_port = 1234;
+    ts->dst_port = 4321;
+
+    memset(packet, 0, sizeof(packet));
+    icmp_body_len = ICMP_HEADER_LEN + 24U + 8U;
+    icmp->ip.src = ee32(0x0A0000FEU);
+    icmp->ip.dst = ee32(ts->local_ip);
+    icmp->ip.ttl = 64;
+    icmp->ip.proto = WI_IPPROTO_ICMP;
+    icmp->ip.len = ee16(IP_HEADER_LEN + icmp_body_len);
+    icmp->type = ICMP_DEST_UNREACH;
+    icmp->code = ICMP_PORT_UNREACH;
+
+    orig_ip = (struct wolfIP_ip_wire *)(packet + sizeof(struct wolfIP_icmp_packet));
+    orig_ip->ver_ihl = 0x46;
+    orig_ip->proto = WI_IPPROTO_TCP;
+    orig_ip->src = ee32(ts->local_ip);
+    orig_ip->dst = ee32(ts->remote_ip);
+    orig_ip->len = ee16(24U + 8U);
+    memset(orig_ip->data, 0xAB, 4);
+
+    orig_tcp = ((uint8_t *)orig_ip) + 24U;
+    port = ee16(ts->src_port);
+    memcpy(orig_tcp, &port, sizeof(port));
+    port = ee16(ts->dst_port);
+    memcpy(orig_tcp + sizeof(port), &port, sizeof(port));
+
+    icmp->csum = ee16(icmp_checksum(icmp, icmp_body_len));
+    frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + icmp_body_len);
+
+    icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)icmp, frame_len);
+
+    ck_assert_uint_eq(ts->proto, 0U);
+}
+END_TEST
+
 START_TEST(test_dns_send_query_errors)
 {
     struct wolfIP s;
diff --git a/src/wolfip.c b/src/wolfip.c
@@ -1984,7 +1984,8 @@ static void icmp_try_deliver_tcp_error(struct wolfIP *s,
                                        const struct wolfIP_icmp_packet *icmp)
 {
     const struct wolfIP_ip_wire *orig_ip;
-    const struct wolfIP_tcp_wire_prefix *orig_tcp;
+    const uint8_t *orig_tcp;
+    uint16_t src_port, dst_port;
     uint32_t icmp_len;
     uint32_t avail;
     uint32_t orig_hlen;
@@ -2012,7 +2013,9 @@ static void icmp_try_deliver_tcp_error(struct wolfIP *s,
     if (avail < (orig_hlen + 8U))
         return;
 
-    orig_tcp = (const struct wolfIP_tcp_wire_prefix *)orig_ip;
+    orig_tcp = ((const uint8_t *)orig_ip) + orig_hlen;
+    memcpy(&src_port, orig_tcp, sizeof(src_port));
+    memcpy(&dst_port, orig_tcp + sizeof(src_port), sizeof(dst_port));
     for (i = 0; i < MAX_TCPSOCKETS; i++) {
         struct tsocket *t = &s->tcpsockets[i];
 
@@ -2022,8 +2025,7 @@ static void icmp_try_deliver_tcp_error(struct wolfIP *s,
             continue;
         if (t->local_ip != ee32(orig_ip->src) || t->remote_ip != ee32(orig_ip->dst))
             continue;
-        if (t->src_port != ee16(orig_tcp->src_port) ||
-                t->dst_port != ee16(orig_tcp->dst_port))
+        if (t->src_port != ee16(src_port) || t->dst_port != ee16(dst_port))
             continue;
 
         if (icmp->type == ICMP_DEST_UNREACH) {
@@ -5923,11 +5925,15 @@ static int dhcp_send_discover(struct wolfIP *s)
     struct dhcp_msg disc;
     struct dhcp_option *opt = (struct dhcp_option *)(disc.options);
     struct wolfIP_sockaddr_in sin;
-    uint64_t retry_at = s ? (s->last_tick + 1U) : 0;
+    uint64_t retry_at;
     int ret;
     uint32_t opt_sz = 0;
 
-    if (s && s->dhcp_state == DHCP_OFF)
+    if (!s)
+        return -1;
+
+    retry_at = s->last_tick + 1U;
+    if (s->dhcp_state == DHCP_OFF)
         s->dhcp_start_tick = s->last_tick;
 
     /* Prepare DHCP discover */
