[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-users] Re: [lwip] tcp_parseopt problem
|
From: |
Adam Dunkels |
|
Subject: |
[lwip-users] Re: [lwip] tcp_parseopt problem |
|
Date: |
Thu, 09 Jan 2003 00:59:37 -0000 |
Hi Vicente!
On Wednesday 27 February 2002 15.10, you wrote:
> I have a situation that when tcp_parseopt is called
> the following happens
> opt on line 1080 = 0x40
> This causes a jump to line 1098 where opts[c + 1] = 0x00 and c = 0 causing
> a jump back to line 1080 and therefore a endless loop
>
> Can anyone shed some light on this? Is the opt val of 0x40 wrong and if so
> where is this value set? Does anyone have a pointer to where tcpip options
> are explained...?
This is clearly a bug in lwIP - and a very severy one as well, since it is
possible to lock up lwIP by sending one malformed TCP packet. This calls for
an immediate release of version 0.5.2!
The problem is solved by adding a small check in tcp_parseopt(), like this:
if(opts[c + 1] == 0) {
/* If the length field is zero, the options are malformed
and we don't process them further. */
break;
}
/* All other options have a length field, so that we easily
can skip past them. */
c += opts[c + 1];
> -a precompiler error on the macros where the static u8_t memp_memory[xxxx]
> is declared in memp.c.(If I hardcode a mem value then the system works)
Would you happen to know what the exact problem is? Is it the sizeof() stuff
that the compiler chokes on?
/adam
--
Adam Dunkels <address@hidden>
http://www.sics.se/~adam
[This message was sent through the lwip discussion list.]