Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Verify DIO prefix info lengths in RPL-Classic #1589

Merged
merged 1 commit into from Jun 4, 2021
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
Validate the length in the DIO prefix info option.
  • Loading branch information
nvt committed Jun 4, 2021
commit 4fffab0e632c4d01910fa957d1fd9ef321eb87d2
8 changes: 8 additions & 0 deletions os/net/routing/rpl-classic/rpl-icmp6.c
Expand Up @@ -447,6 +447,14 @@ dio_input(void)
goto discard;
}
dio.prefix_info.length = buffer[i + 2];

if(dio.prefix_info.length > sizeof(uip_ipaddr_t) * 8) {
LOG_WARN("Invalid DAG prefix info, len %u > %u\n",
dio.prefix_info.length, (unsigned)(sizeof(uip_ipaddr_t) * 8));
RPL_STAT(rpl_stats.malformed_msgs++);
goto discard;
}

dio.prefix_info.flags = buffer[i + 3];
/* valid lifetime is ingnored for now - at i + 4 */
/* preferred lifetime stored in lifetime */
Expand Down