This is an automated email from the ASF dual-hosted git repository.
xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new e1e6d8821e4 net/icmp: check src ip for icmp request message
e1e6d8821e4 is described below
commit e1e6d8821e43a1f81e0375db2a532d86e02911a8
Author: gaohedong <[email protected]>
AuthorDate: Tue Jun 3 21:42:25 2025 +0800
net/icmp: check src ip for icmp request message
Check src ip for icmp request message. Drop the request message if src ip
is broadcast/multicast.
Signed-off-by: gaohedong <[email protected]>
---
net/icmp/icmp_input.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/net/icmp/icmp_input.c b/net/icmp/icmp_input.c
index 1dd19b4d1e5..9fc1339fc1c 100644
--- a/net/icmp/icmp_input.c
+++ b/net/icmp/icmp_input.c
@@ -311,6 +311,21 @@ void icmp_input(FAR struct net_driver_s *dev)
if (icmp->type == ICMP_ECHO_REQUEST)
{
+ in_addr_t src_ipaddr;
+
+ /* According to RFC1122 section 3.2.2.6, an ICMP Echo Request
+ * which has a broadcast/multicast ip address should be discarded
+ */
+
+ src_ipaddr = net_ip4addr_conv32(ipv4->srcipaddr);
+
+ if (net_ipv4addr_cmp(src_ipaddr, INADDR_BROADCAST) ||
+ IN_MULTICAST(NTOHL(src_ipaddr)))
+ {
+ ninfo("ICMP ECHO request from broadcast/multicast address\n");
+ goto typeerr;
+ }
+
/* Change the ICMP type */
icmp->type = ICMP_ECHO_REPLY;
