Skip to content

Commit 4502d00

Browse files
danielinuxdanielinux
committed
icmp_input: discard packets with bad checksum
F/693
1 parent 649cfb5 commit 4502d00

2 files changed

Lines changed: 40 additions & 0 deletions

File tree

src/test/unit/unit.c

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5774,6 +5774,7 @@ START_TEST(test_icmp_input_echo_reply_queues)
57745774
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
57755775
icmp.type = ICMP_ECHO_REPLY;
57765776
icmp_set_echo_id(&icmp, ts->src_port);
5777+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
57775778
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
57785779

57795780
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5800,6 +5801,7 @@ START_TEST(test_icmp_input_echo_request_reply_sent)
58005801
icmp.ip.ttl = 64;
58015802
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
58025803
icmp.type = ICMP_ECHO_REQUEST;
5804+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
58035805
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
58045806

58055807
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5808,6 +5810,34 @@ START_TEST(test_icmp_input_echo_request_reply_sent)
58085810
}
58095811
END_TEST
58105812

5813+
START_TEST(test_icmp_input_echo_request_bad_checksum_dropped)
5814+
{
5815+
struct wolfIP s;
5816+
struct wolfIP_icmp_packet icmp;
5817+
uint32_t frame_len;
5818+
5819+
wolfIP_init(&s);
5820+
mock_link_init(&s);
5821+
s.dhcp_state = DHCP_OFF;
5822+
wolfIP_filter_set_callback(NULL, NULL);
5823+
last_frame_sent_size = 0;
5824+
5825+
memset(&icmp, 0, sizeof(icmp));
5826+
icmp.ip.src = ee32(0x0A000002U);
5827+
icmp.ip.dst = ee32(0x0A000001U);
5828+
icmp.ip.ttl = 64;
5829+
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
5830+
icmp.type = ICMP_ECHO_REQUEST;
5831+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
5832+
icmp.csum ^= ee16(0x0001);
5833+
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
5834+
5835+
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
5836+
5837+
ck_assert_uint_eq(last_frame_sent_size, 0U);
5838+
}
5839+
END_TEST
5840+
58115841
START_TEST(test_icmp_input_echo_request_odd_len_reply_checksum)
58125842
{
58135843
struct wolfIP s;
@@ -5842,6 +5872,7 @@ START_TEST(test_icmp_input_echo_request_odd_len_reply_checksum)
58425872
icmp->code = 0;
58435873
icmp->csum = 0;
58445874
((uint8_t *)&icmp->type)[ICMP_HEADER_LEN] = 0xAB;
5875+
icmp->csum = ee16(icmp_checksum(icmp, icmp_len));
58455876

58465877
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + icmp_len);
58475878
icmp_input(&s, TEST_PRIMARY_IF, ip, frame_len);
@@ -5883,6 +5914,7 @@ START_TEST(test_icmp_input_echo_request_dhcp_running_no_reply)
58835914
icmp.ip.dst = ee32(0x0A000001U);
58845915
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
58855916
icmp.type = ICMP_ECHO_REQUEST;
5917+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
58865918
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
58875919

58885920
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5909,6 +5941,7 @@ START_TEST(test_icmp_input_echo_request_filter_drop)
59095941
icmp.ip.dst = ee32(0x0A000001U);
59105942
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
59115943
icmp.type = ICMP_ECHO_REQUEST;
5944+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
59125945
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
59135946

59145947
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5938,6 +5971,7 @@ START_TEST(test_icmp_input_echo_request_ip_filter_drop)
59385971
icmp.ip.dst = ee32(0x0A000001U);
59395972
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
59405973
icmp.type = ICMP_ECHO_REQUEST;
5974+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
59415975
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
59425976

59435977
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5967,6 +6001,7 @@ START_TEST(test_icmp_input_echo_request_eth_filter_drop)
59676001
icmp.ip.dst = ee32(0x0A000001U);
59686002
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
59696003
icmp.type = ICMP_ECHO_REQUEST;
6004+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
59706005
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
59716006

59726007
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -5995,6 +6030,7 @@ START_TEST(test_icmp_input_filter_drop_receiving)
59956030
icmp.ip.dst = ee32(0x0A000001U);
59966031
icmp.ip.len = ee16(IP_HEADER_LEN + ICMP_HEADER_LEN);
59976032
icmp.type = ICMP_ECHO_REQUEST;
6033+
icmp.csum = ee16(icmp_checksum(&icmp, ICMP_HEADER_LEN));
59986034
frame_len = (uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + ICMP_HEADER_LEN);
59996035

60006036
icmp_input(&s, TEST_PRIMARY_IF, (struct wolfIP_ip_packet *)&icmp, frame_len);
@@ -19511,6 +19547,7 @@ Suite *wolf_suite(void)
1951119547
tcase_add_test(tc_proto, test_icmp_socket_send_recv);
1951219548
tcase_add_test(tc_proto, test_icmp_input_echo_reply_queues);
1951319549
tcase_add_test(tc_proto, test_icmp_input_echo_request_reply_sent);
19550+
tcase_add_test(tc_proto, test_icmp_input_echo_request_bad_checksum_dropped);
1951419551
tcase_add_test(tc_proto, test_icmp_input_echo_request_odd_len_reply_checksum);
1951519552
tcase_add_test(tc_proto, test_icmp_input_echo_request_dhcp_running_no_reply);
1951619553
tcase_add_test(tc_proto, test_icmp_input_echo_request_filter_drop);

src/wolfip.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4830,6 +4830,9 @@ static void icmp_input(struct wolfIP *s, unsigned int if_idx, struct wolfIP_ip_p
48304830
/* validate ip->len doesn't exceed actual received data */
48314831
if (len < (uint32_t)(ETH_HEADER_LEN + ee16(ip->len)))
48324832
return;
4833+
/* validate ICMP checksum before processing */
4834+
if (icmp_checksum(icmp, (uint16_t)(ee16(ip->len) - IP_HEADER_LEN)) != 0)
4835+
return;
48334836

48344837
if (wolfIP_filter_notify_icmp(WOLFIP_FILT_RECEIVING, s, if_idx, icmp, len) != 0)
48354838
return;

0 commit comments

Comments
 (0)