giomba
/
nes-proj
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent uIP buffer over-read with big UDP packets 

When an UDP packet too big to fit in the uIP packet buffer is to be sent, the part fitting in the uIP buffer is copied to it (so no buffer overflow occurs) but uIP actually sends a packet of the original size therefore a buffer over-read occurs.

This modification makes uIP discard the UDP packets that do not fit in the uIP packet buffer.
This commit is contained in:
cedric-d 2016-04-24 12:06:09 +02:00
parent 872146def0
commit 67e0575bd3
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/net/ip/uip-udp-packet.c
View File

@ -51,12 +51,10 @@ void
uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len)
{
#if UIP_UDP
if(data != NULL) {
if(data != NULL && len <= (UIP_BUFSIZE - (UIP_LLH_LEN + UIP_IPUDPH_LEN))) {
uip_udp_conn = c;
uip_slen = len;
memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data,
len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data, len);
uip_process(UIP_UDP_SEND_CONN);
#if UIP_CONF_IPV6_MULTICAST