Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent out-of-bounds write when processing external headers in sicslowpan #1409

Merged
merged 2 commits into from Oct 11, 2020

Conversation

nvt
Copy link
Member

@nvt nvt commented Oct 9, 2020

When processing external headers in sicslowpan, a long chain of headers could possibly overflow the uip_buf variable.

In the code below, which follows the now inserted check, the writes to the exthdr struct could result in an out-of-bounds write.
exthdr = (struct uip_ext_hdr *)ip_payload; exthdr->len = (2 + len) / 8 - 1; exthdr->next = next;

A packet test that should trigger the bug is included in the PR.

Copy link
Member

@nfi nfi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@g-oikonomou g-oikonomou merged commit 48a3799 into contiki-ng:develop Oct 11, 2020
1 check passed
@nvt nvt deleted the 6lowpan-ext-header-check branch January 21, 2021 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants