
Commit d1307b4

committed
UDP: validate minimum len
F/698
1 parent 37eaa64 commit d1307b4

2 files changed

Lines changed: 35 additions & 0 deletions


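--- a/src/test/unit/unit.c
+++ b/src/test/unit/unit.c
@@ -7779,6 +7779,36 @@ START_TEST(test_udp_try_recv_short_expected_len)
 }
 END_TEST
 
+START_TEST(test_udp_try_recv_len_below_header_rejected)
+{
+struct wolfIP s;
+struct tsocket *ts;
+struct wolfIP_udp_datagram udp;
+uint32_t local_ip = 0x0A000001U;
+
+wolfIP_init(&s);
+mock_link_init(&s);
+wolfIP_ipconfig_set(&s, local_ip, 0xFFFFFF00U, 0);
+
+ts = udp_new_socket(&s);
+ck_assert_ptr_nonnull(ts);
+ts->src_port = 1234;
+ts->local_ip = local_ip;
+
+memset(&udp, 0, sizeof(udp));
+udp.ip.dst = ee32(local_ip);
+udp.ip.len = ee16(IP_HEADER_LEN + UDP_HEADER_LEN);
+udp.dst_port = ee16(1234);
+udp.len = ee16(UDP_HEADER_LEN - 1);
+
+udp_try_recv(&s, TEST_PRIMARY_IF, &udp,
+(uint32_t)(ETH_HEADER_LEN + IP_HEADER_LEN + UDP_HEADER_LEN));
+
+ck_assert_ptr_eq(fifo_peek(&ts->sock.udp.rxbuf), NULL);
+ck_assert_uint_eq(last_frame_sent_size, 0U);
+}
+END_TEST
+
 START_TEST(test_udp_try_recv_unmatched_port_sends_icmp_unreachable)
 {
 struct wolfIP s;
@@ -19263,6 +19293,7 @@ Suite *wolf_suite(void)
 tcase_add_test(tc_utils, test_udp_try_recv_filter_drop);
 tcase_add_test(tc_utils, test_udp_try_recv_dhcp_running_local_zero);
 tcase_add_test(tc_utils, test_udp_try_recv_short_expected_len);
+tcase_add_test(tc_utils, test_udp_try_recv_len_below_header_rejected);
 tcase_add_test(tc_utils, test_udp_try_recv_conf_null);
 tcase_add_test(tc_utils, test_udp_try_recv_remote_ip_matches_local_ip);
 tcase_add_test(tc_utils, test_udp_try_recv_unmatched_port_sends_icmp_unreachable);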
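Review bot: test_udp_try_recv_len_below_header_rejected only covers `UDP_HEADER_LEN - 1`, so the accepted side of the boundary is untested and a comparison accidentally written as `<=` would still pass. A companion case with `udp.len = ee16(UDP_HEADER_LEN);` and the same frame size would pin the boundary, asserting whatever udp_try_recv does with a header-only datagram (presumably it is queued, which would be `ck_assert_ptr_nonnull(fifo_peek(&ts->sock.udp.rxbuf));`; confirm against the function). The negative assertions also cannot tell the new check apart from a drop for some other reason, which the boundary case would help rule out. If `mock_link_init` does not clear `last_frame_sent_size`, set `last_frame_sent_size = 0;` before the call so a value left by an earlier test cannot affect the final assertion.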

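--- a/src/wolfip.c
+++ b/src/wolfip.c
@@ -1717,6 +1717,10 @@ static void udp_try_recv(struct wolfIP *s, unsigned int if_idx,
 if (frame_len < (uint32_t)(ETH_HEADER_LEN + ee16(udp->ip.len)))
 return;
 
+/* validate minimum UDP length per RFC 768 */
+if (ee16(udp->len) < UDP_HEADER_LEN)
+return;
+
 /* validate UDP length field fits within the actual received buffer */
 if (ee16(udp->len) > frame_len - ETH_HEADER_LEN - IP_HEADER_LEN)
 return;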
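Review bot: With the minimum now enforced, the upper bound on `udp->len` is still taken from the received frame size rather than from the IP total length. A datagram whose UDP length exceeds `ee16(udp->ip.len) - IP_HEADER_LEN` but still fits in the frame (for instance because of link-layer padding) passes both checks, and bytes past the IP payload could be handed to the socket as data. Consider adding `if (ee16(udp->len) > (uint32_t)ee16(udp->ip.len) - IP_HEADER_LEN) return;` next to the new check. This assumes `ip.len >= IP_HEADER_LEN` is validated earlier in udp_try_recv or its caller, which is outside this hunk. The same assumption is what keeps the unsigned subtraction `frame_len - ETH_HEADER_LEN - IP_HEADER_LEN` from wrapping, so it is worth confirming.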
