Prevent uIP buffer over-read with big UDP packets

When an UDP packet too big to fit in the uIP packet buffer is to be sent, the part fitting in the uIP buffer is copied to it (so no buffer overflow occurs) but uIP actually sends a packet of the original size therefore a buffer over-read occurs.

This modification makes uIP discard the UDP packets that do not fit in the uIP packet buffer.
This commit is contained in:
cedric-d 2016-04-24 12:06:09 +02:00
parent 872146def0
commit 67e0575bd3

View file

@ -51,12 +51,10 @@ void
uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len) uip_udp_packet_send(struct uip_udp_conn *c, const void *data, int len)
{ {
#if UIP_UDP #if UIP_UDP
if(data != NULL) { if(data != NULL && len <= (UIP_BUFSIZE - (UIP_LLH_LEN + UIP_IPUDPH_LEN))) {
uip_udp_conn = c; uip_udp_conn = c;
uip_slen = len; uip_slen = len;
memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data, memmove(&uip_buf[UIP_LLH_LEN + UIP_IPUDPH_LEN], data, len);
len > UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN?
UIP_BUFSIZE - UIP_LLH_LEN - UIP_IPUDPH_LEN: len);
uip_process(UIP_UDP_SEND_CONN); uip_process(UIP_UDP_SEND_CONN);
#if UIP_CONF_IPV6_MULTICAST #if UIP_CONF_IPV6_MULTICAST