Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

gnrc_sixlowpan: Various hardening fixes [backport 2022.10] #18820

Merged
ieee802154: Adjust parsing of IEEE 802.15.4 frame header
(cherry picked from commit 0bec3e2)
  • Loading branch information
Diff-fusion authored and miri64 committed Oct 29, 2022
commit f4df5b4c4f841ccb460930894cf68ab10b55b971
42 changes: 27 additions & 15 deletions sys/net/link_layer/ieee802154/ieee802154.c
Expand Up @@ -115,27 +115,39 @@ size_t ieee802154_set_frame_hdr(uint8_t *buf, const uint8_t *src, size_t src_len
size_t ieee802154_get_frame_hdr_len(const uint8_t *mhr)
{
/* TODO: include security header implications */
uint8_t tmp;
uint8_t tmp, has_dst = 0;
size_t len = 3; /* 2 byte FCF, 1 byte sequence number */

/* figure out address sizes */
tmp = (mhr[1] & IEEE802154_FCF_DST_ADDR_MASK);
if (tmp == IEEE802154_FCF_DST_ADDR_SHORT) {
len += 4; /* 2 byte dst PAN + 2 byte dst short address */
}
else if (tmp == IEEE802154_FCF_DST_ADDR_LONG) {
len += 10; /* 2 byte dst PAN + 2 byte dst long address */
}
else if (tmp != IEEE802154_FCF_DST_ADDR_VOID) {
return 0;
}
else if (mhr[0] & IEEE802154_FCF_PAN_COMP) {
/* PAN compression, but no destination address => illegal state */
tmp = (mhr[0] & IEEE802154_FCF_TYPE_MASK);
if (tmp == IEEE802154_FCF_TYPE_ACK) {
/* ACK contains no other fields */
return len;
} else if (tmp != IEEE802154_FCF_TYPE_BEACON) {
/* Beacon contains no dst address */
tmp = (mhr[1] & IEEE802154_FCF_DST_ADDR_MASK);
if (tmp == IEEE802154_FCF_DST_ADDR_SHORT) {
len += 4; /* 2 byte dst PAN + 2 byte dst short address */
has_dst = 1;
}
else if (tmp == IEEE802154_FCF_DST_ADDR_LONG) {
len += 10; /* 2 byte dst PAN + 8 byte dst long address */
has_dst = 1;
}
else if (tmp != IEEE802154_FCF_DST_ADDR_VOID) {
return 0;
}
else if (mhr[0] & IEEE802154_FCF_PAN_COMP) {
/* PAN compression, but no destination address => illegal state */
return 0;
}
} else if (mhr[0] & IEEE802154_FCF_PAN_COMP) {
/* Beacon can't use PAN compression */
return 0;
}
tmp = (mhr[1] & IEEE802154_FCF_SRC_ADDR_MASK);
if (tmp == IEEE802154_FCF_SRC_ADDR_VOID) {
return len;
/* One of dst or src address must be present */
return has_dst ? len : 0;
}
else {
if (!(mhr[0] & IEEE802154_FCF_PAN_COMP)) {
Expand Down