Hello.
On 17/11/15 19:54, Alexander Aring wrote:
This patch adds a check for reserved values in the IPHC header. We should
check these fields first, before doing any parsing. Afterwards
we can be sure there are no reserved values anymore. The reserved-value
check does not cover reserved values for NHC headers. These need to be
handled inside the next layer.
Signed-off-by: Alexander Aring <alex.aring@xxxxxxxxx>
---
net/6lowpan/iphc.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/net/6lowpan/iphc.c b/net/6lowpan/iphc.c
index 346b5c1..13f5424 100644
--- a/net/6lowpan/iphc.c
+++ b/net/6lowpan/iphc.c
@@ -455,6 +455,20 @@ static const u8 lowpan_ttl_values[] = {
[LOWPAN_IPHC_HLIM_11] = 255,
};
+static inline bool lowpan_iphc_is_reserved(u8 iphc1)
+{
+ switch (iphc1 & (LOWPAN_IPHC_DAC | LOWPAN_IPHC_M |
+ LOWPAN_IPHC_DAM_MASK)) {
+ case LOWPAN_IPHC_DAC | LOWPAN_IPHC_DAM_00:
+ case LOWPAN_IPHC_DAC | LOWPAN_IPHC_M | LOWPAN_IPHC_DAM_01:
+ case LOWPAN_IPHC_DAC | LOWPAN_IPHC_M | LOWPAN_IPHC_DAM_10:
+ case LOWPAN_IPHC_DAC | LOWPAN_IPHC_M | LOWPAN_IPHC_DAM_11:
+ return true;
+ default:
+ return false;
+ }
+}
+
int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev,
const void *daddr, const void *saddr)
{
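Review bot: lowpan_iphc_is_reserved() has no comment saying where its four reserved combinations come from or why only the destination bits are masked. I would add above it something like `/* RFC 6282: DAC=1 with M=0, DAM=00 and DAC=1 with M=1, DAM=01/10/11 are reserved; reject them before any address is parsed */`. The comment should also state that the first case matches M=0 only because LOWPAN_IPHC_M is in the mask and absent from the case label, which otherwise reads as an oversight. As far as I can tell the SAC/SAM bits have no reserved encoding, and a half-sentence in the same comment could record that. The hunk ends inside lowpan_header_decompress(), whose body continues outside it.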
@@ -466,7 +480,8 @@ int lowpan_header_decompress(struct sk_buff *skb, const struct net_device *dev,
skb->data, skb->len);
if (lowpan_fetch_skb(skb, &iphc0, sizeof(iphc0)) ||
- lowpan_fetch_skb(skb, &iphc1, sizeof(iphc1)))
+ lowpan_fetch_skb(skb, &iphc1, sizeof(iphc1)) ||
+ lowpan_iphc_is_reserved(iphc1))
return -EINVAL;
/* another if the CID flag is set */
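Review bot: The reserved-value rejection is folded into the same condition as the two lowpan_fetch_skb() failures, so a truncated frame and a frame carrying a reserved DAC/M/DAM encoding are dropped identically and silently. Since iphc1 is read straight from the received skb, a separate check with a rate-limited debug message would make malformed traffic visible without letting a sender flood the log, e.g. `if (lowpan_iphc_is_reserved(iphc1)) { net_dbg_ratelimited("6lowpan: reserved IPHC address mode\n"); return -EINVAL; }`. lowpan_header_decompress() starts before and continues after this hunk.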
Reviewed-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxx>
regards
Stefan Schmidt