sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tcp: check option length before d_len update

Browse Source 
Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>
This commit is contained in:
zhanghongyu 2022-07-15 17:10:37 +08:00 committed by Petro Karashchenko
parent 579934e709
commit ef660083c8
1 changed files with 10 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
net/tcp/tcp_input.c
View File

@ -622,6 +622,16 @@ found:
len = (tcp->tcpoffset >> 4) << 2;
/* d_appdata should remove the tcp specific option field. */
if ((tcp->tcpoffset & 0xf0) > 0x50)
{
if (dev->d_len >= len)
{
dev->d_appdata += len - TCP_HDRLEN;
}
}
/* d_len will contain the length of the actual TCP data. This is
* calculated by subtracting the length of the TCP header (in
* len) and the length of the IP header.
@ -629,17 +639,6 @@ found:
dev->d_len -= (len + iplen);
/* d_appdata should remove the tcp specific option field. */
if ((tcp->tcpoffset & 0xf0) > 0x50)
{
len = ((tcp->tcpoffset >> 4) - 5) << 2;
if (dev->d_len >= len)
{
dev->d_appdata += len;
}
}
/* Check if the sequence number of the incoming packet is what we are
* expecting next. If not, we send out an ACK with the correct numbers
* in, unless we are in the SYN_RCVD state and receive a SYN, in which