(nuttx) branch master updated: net/udp: Add check when sending too big packet without IP frag

Tue, 12 Dec 2023 06:43:03 -0800 

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new 22b6076f26 net/udp: Add check when sending too big packet without IP 
frag
22b6076f26 is described below

commit 22b6076f265879275e49a5a13f94052d25204f56
Author: Zhe Weng <weng...@xiaomi.com>
AuthorDate: Tue Dec 12 18:52:01 2023 +0800

    net/udp: Add check when sending too big packet without IP frag
    
    Commit 8a63d29c removed `devif_iob_send` from `udp_sendto_buffered`
    workflow, `devif_iob_send` drops too big packet. Now we still need a
    place to check the packet length, otherwise a packet larger than MTU
    may be sent to the net driver.
    
    In case of similar problem happens somewhere else, this commit also
    adds a check in `netdev_upperhalf`, and count these cases into
    `NETDEV_TXERRORS`.
    
    Signed-off-by: Zhe Weng <weng...@xiaomi.com>
---
 drivers/net/netdev_upperhalf.c | 11 ++++++++++-
 net/udp/udp_sendto_buffered.c  | 10 ++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/drivers/net/netdev_upperhalf.c b/drivers/net/netdev_upperhalf.c
index 8c1c3244d2..0ab5fe5fcf 100644
--- a/drivers/net/netdev_upperhalf.c
+++ b/drivers/net/netdev_upperhalf.c
@@ -270,7 +270,16 @@ static int netdev_upper_txpoll(FAR struct net_driver_s 
*dev)
 #endif
 
   pkt = netpkt_get(dev, NETPKT_TX);
-  ret = lower->ops->transmit(lower, pkt);
+
+  if (netpkt_getdatalen(lower, pkt) > NETDEV_PKTSIZE(dev))
+    {
+      nerr("ERROR: Packet too long to send!\n");
+      ret = -EMSGSIZE;
+    }
+  else
+    {
+      ret = lower->ops->transmit(lower, pkt);
+    }
 
   if (ret != OK)
     {
diff --git a/net/udp/udp_sendto_buffered.c b/net/udp/udp_sendto_buffered.c
index da01a7bc04..18dd21c6e4 100644
--- a/net/udp/udp_sendto_buffered.c
+++ b/net/udp/udp_sendto_buffered.c
@@ -289,6 +289,16 @@ static int sendto_next_transfer(FAR struct udp_conn_s 
*conn)
       return -EHOSTUNREACH;
     }
 
+#ifndef CONFIG_NET_IPFRAG
+  /* Sanity check if the packet len (with IP hdr) is greater than the MTU */
+
+  if (wrb->wb_iob->io_pktlen > devif_get_mtu(dev))
+    {
+      nerr("ERROR: Packet too long to send!\n");
+      return -EMSGSIZE;
+    }
+#endif
+
   /* If this is not the same device that we used in the last call to
    * udp_callback_alloc(), then we need to release and reallocate the old
    * callback instance.

Reply via email to