[En-Nut-Discussion] FYI: Bug in ICMP destination unreachable handling fixed

Coleman Brumley cbrumley at polarsoft.biz
Mon Sep 28 16:31:33 CEST 2015


Great.

Thank you.

Coleman

> -----Original Message-----
> From: Ole Reinhardt [mailto:ole.reinhardt at embedded-it.de]
> Sent: Monday, September 28, 2015 10:30 AM
> To: cbrumley at polarsoft.biz; Ethernut User Chat (English) <en-nut-
> discussion at egnite.de>
> Subject: Re: [En-Nut-Discussion] FYI: Bug in ICMP destination unreachable
> handling fixed
> 
> Hi,
> 
> sure, but it is just applied.
> 
> Best regards,
> 
> Ole Reinhardt
> 
> 
> Index: nut/net/icmpin.c
> ==========================================================
> =========
> --- nut/net/icmpin.c	(Revision 6134)
> +++ nut/net/icmpin.c	(Revision 6135)
> @@ -117,7 +117,7 @@
>              TCPHDR *th;
>              TCPSOCKET *sock_tcp;
> 
> -            th = (TCPHDR *) ((char *) ih) + sizeof(IPHDR);
> +            th = (TCPHDR *) (((char *) ih) + sizeof(IPHDR));
>              sock_tcp = NutTcpFindSocket(th->th_dport, th->th_sport,
> ih->ip_src);
>              if (sock_tcp == 0)
>                  return -1;
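Review bot: the offset in the `th = ...` line is still the fixed `sizeof(IPHDR)`, so an embedded IP header that carries options would leave `th` pointing into the options instead of at the TCP ports; derive the offset from the embedded header's own length field. The visible lines also show no check that the received ICMP payload is long enough to hold the IP header plus the first bytes of the TCP header before `th->th_dport` and `th->th_sport` are read. A length test ahead of the `NutTcpFindSocket()` call would keep a truncated message from causing the same kind of out-of-bounds read this revision removes. A one-line comment on why the inner parentheses are required would help stop the expression from regressing.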
> 
> Am 28.09.2015 16:08, schrieb Coleman Brumley:
> > Ole,
> >
> > Can you please post the patch here as well?
> >
> > Coleman
> >
> >> -----Original Message-----
> >> From: en-nut-discussion-bounces at egnite.de [mailto:en-nut-discussion-
> >> bounces at egnite.de] On Behalf Of Ole Reinhardt
> >> Sent: Monday, September 28, 2015 7:57 AM
> >> To: Ethernut User Chat (English) <en-nut-discussion at egnite.de>
> >> Subject: [En-Nut-Discussion] FYI: Bug in ICMP destination unreachable
> >> handling fixed
> >>
> >> Hi all,
> >>
> >> in SVN trunk r6135 I fixed a bug in the handling of ICMP code 3
> >> messages (destination unreachable). It was caused by missing
> >> parentheses in pointer arithmetic.
> >>
> >> As a result, NutTcpFindSocket() (in NutIcmpUnreach()) was fed with
> >> invalid data. In the worst case this could have led to sockets being
> >> aborted accidentally; in most cases nothing happened at all, as no
> >> matching socket could be found.
> >>
> >> But even worse, this bug could also result in crashes, if the pointer
> >> arithmetic resulted in a read out of the physical memory bounds.
> >>
> >> It might be a good idea to update Nut/OS in your projects which rely
> >> on correct ICMP handling.
> >>
> >> Best regards,
> >>
> >> Ole
> >>
> >> --
> >> kernel concepts GmbH            Tel: +49-271-771091-14
> >> Sieghuetter Hauptweg 48         Mob: +49-177-7420433
> >> D-57072 Siegen
> >> http://www.embedded-it.de
> >> http://www.kernelconcepts.de
> >> _______________________________________________
> >> http://lists.egnite.de/mailman/listinfo/en-nut-discussion
> >
> 
> --
> kernel concepts GmbH            Tel: +49-271-771091-14
> Sieghuetter Hauptweg 48         Mob: +49-177-7420433
> D-57072 Siegen
> http://www.embedded-it.de
> http://www.kernelconcepts.de
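
The effect of the missing parentheses described in the announcement, as an added example that is not part of the thread or of the Nut/OS sources. `IPHDR_EX` and `TCPHDR_EX` are hypothetical 20-byte stand-ins for the real types, and `quoted_tcp_ports()` is a hypothetical bounds-checked way to read the ports, assuming the ICMP payload starts with the quoted IPv4 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 20-byte stand-ins for the Nut/OS IPHDR and TCPHDR types. */
typedef struct { uint32_t w[5]; } IPHDR_EX;
typedef struct { uint32_t w[5]; } TCPHDR_EX;

/* Byte offset from ih to th for the r6134 form (fixed == 0), where the cast
 * binds first and the addition is scaled by sizeof(TCPHDR_EX), and for r6135. */
size_t tcp_offset(int fixed)
{
    static uint32_t buf[128];   /* 512 bytes, so both results stay inside the array */
    IPHDR_EX *ih = (IPHDR_EX *) buf;
    TCPHDR_EX *th = fixed
        ? (TCPHDR_EX *) (((char *) ih) + sizeof(IPHDR_EX))   /* r6135 form */
        : (TCPHDR_EX *) ((char *) ih) + sizeof(IPHDR_EX);    /* r6134 form */
    return (size_t) ((char *) th - (char *) ih);
}

/* Bounds-checked read of the TCP ports quoted in an ICMP error payload
 * (IPv4 header, then at least 8 bytes of the original datagram).
 * Returns 0 on success, -1 if the payload is malformed, too short or not TCP. */
int quoted_tcp_ports(const uint8_t *p, size_t len, uint16_t *sport, uint16_t *dport)
{
    size_t ihl;

    if (len < 20 || (p[0] >> 4) != 4)
        return -1;
    ihl = (size_t) (p[0] & 0x0F) * 4;             /* header length including options */
    if (ihl < 20 || len < ihl + 8 || p[9] != 6)   /* protocol 6 = TCP */
        return -1;
    *sport = (uint16_t) ((p[ihl] << 8) | p[ihl + 1]);
    *dport = (uint16_t) ((p[ihl + 2] << 8) | p[ihl + 3]);
    return 0;
}

int main(void)
{
    /* Constructed sample: IPv4 header without options, TCP, ports 8080 -> 80. */
    uint8_t pkt[28] = { [0] = 0x45, [9] = 6, [20] = 0x1F, [21] = 0x90, [23] = 0x50 };
    uint16_t s = 0, d = 0;
    int rc = quoted_tcp_ports(pkt, sizeof(pkt), &s, &d);
    printf("r6134 offset=%zu r6135 offset=%zu rc=%d ports=%u->%u\n",
           tcp_offset(0), tcp_offset(1), rc, (unsigned) s, (unsigned) d);
    return 0;
}
```

With 20-byte headers the pre-fix expression lands 400 bytes past the start of the IP header instead of 20, which is why the lookup usually matched no socket and could read past the received buffer.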


