From 9cc18718102239dd3025fc8cdce8b2cae60fab4a Mon Sep 17 00:00:00 2001 From: oliverschmidt Date: Sun, 8 Apr 2007 20:06:56 +0000 Subject: [PATCH] Fixed stupid bug. I have no idea how I didn't run into this one for months ! The development platforms have 400-600 bytes buffer size. So every incoming 1500 packet overwrote ~ 1000 bytes of uIP variables. And this happens very easily as every packet coming in for the Windows IP stack is seen by uIP as well (and discarded because of the wrong IP address). --- cpu/native/net/wpcap.c | 6 +++++- platform/win32/net/wpcap-service.c | 12 ++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/cpu/native/net/wpcap.c b/cpu/native/net/wpcap.c index 426dc2602..3b2e59c55 100644 --- a/cpu/native/net/wpcap.c +++ b/cpu/native/net/wpcap.c @@ -30,7 +30,7 @@ * * Author: Oliver Schmidt * - * $Id: wpcap.c,v 1.4 2007/04/07 00:27:22 oliverschmidt Exp $ + * $Id: wpcap.c,v 1.5 2007/04/08 20:06:56 oliverschmidt Exp $ */ #define WIN32_LEAN_AND_MEAN @@ -224,6 +224,10 @@ wpcap_poll(void) return 0; } + if(packet_header->caplen > UIP_BUFSIZE) { + return 0; + } + CopyMemory(uip_buf, packet, packet_header->caplen); return (u16_t)packet_header->caplen; } diff --git a/platform/win32/net/wpcap-service.c b/platform/win32/net/wpcap-service.c index 069c7ca5a..90165a265 100644 --- a/platform/win32/net/wpcap-service.c +++ b/platform/win32/net/wpcap-service.c @@ -30,7 +30,7 @@ * * Author: Oliver Schmidt * - * $Id: wpcap-service.c,v 1.7 2007/04/06 22:36:31 oliverschmidt Exp $ + * $Id: wpcap-service.c,v 1.8 2007/04/08 20:09:11 oliverschmidt Exp $ */ #define WIN32_LEAN_AND_MEAN @@ -103,19 +103,19 @@ pollhandler(void) return; } + if(packet_header->caplen > UIP_BUFSIZE) { + return; + } + uip_len = packet_header->caplen; CopyMemory(uip_buf, packet, uip_len); if(BUF->type == HTONS(UIP_ETHTYPE_IP)) { - debug_printf("I"); - - uip_len -= sizeof(struct uip_eth_hdr); tcpip_input(); } else if(BUF->type == HTONS(UIP_ETHTYPE_ARP)) { - debug_printf("A"); - uip_arp_arpin(); + if(uip_len > 0) { if(pcap_sendpacket(pcap, uip_buf, uip_len) == -1) { error_exit("Error on ARP response\n");