[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] Incomplete TCP packet reception
|
From: |
Lou Cypher |
|
Subject: |
Re: [lwip-users] Incomplete TCP packet reception |
|
Date: |
Tue, 27 Oct 2009 15:32:17 +0100 |
|
User-agent: |
Thunderbird 2.0.0.23 (Windows/20090812) |
Oh, you're darn right, thanks!
Already used/planned something like that, somewhere else in my code, while in
that part is missing.
As well: the example httpd.c in contrib is similarly vulnerable, should be
annotated, just not to forget...
Lou
>> So, in the case of the HTTP capture you provided, there is a request
>> header telling you "Content-Length: 36". This tells you that after
>> the end of the headers (i.e. after the blank line), you should expect
>> another 36 bytes of data. You need to wait for those bytes to come in
>> before considering the request complete, even though they may not be
>> present in the same pbuf.
>
> Moreover, the number 36 is not definitive. The browser might close
> connection before sending all the 36 bytes. Or it could send more, if
> it's a hacker pretending to be a browser and looking for
> vulnerabilities in the code. The application should be prepared for
> that.