Commit af4148c8 authored by Tomasz Bursztyka's avatar Tomasz Bursztyka Committed by Anas Nashif
Browse files

net/ieee802154: Drop fragmented packet if first frag is not present 



Bogus fragmented packet could be sent without a FRAG1 fragment and hit
reassembly. Let's make sure this does not happen.

Signed-off-by: default avatarTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
parent b35d6d4f

subsys/net/l2/ieee802154/ieee802154_fragment.c

+11 −3
Original line number Diff line number Diff line
@@ -472,6 +472,11 @@ static inline void fragment_reconstruct_packet(struct net_pkt *pkt) 
	fragment_remove_headers(pkt);

}



static inline bool fragment_packet_valid(struct net_pkt *pkt)

{

	return (get_datagram_type(pkt->buffer->data) == NET_6LO_DISPATCH_FRAG1);

}



/**

 *  Parse size and tag from the fragment, check if we have any cache

 *  related to it. If not create a new cache.
@@ -537,11 +542,14 @@ static inline enum net_verdict fragment_add_to_cache(struct net_pkt *pkt) 
			cache->pkt = NULL;

		}



		clear_reass_cache(size, tag);



		fragment_reconstruct_packet(pkt);

		if (!fragment_packet_valid(pkt)) {

			NET_ERR("Invalid fragmented packet");

			return NET_DROP;

		}



		/* Once reassemble is done, cache is no longer needed. */

		clear_reass_cache(size, tag);

		fragment_reconstruct_packet(pkt);



		if (!net_6lo_uncompress(pkt)) {

			NET_ERR("Could not uncompress. Bogus packet?");

CRA Git | Maintained and supported by SUSTech CRA and CCSE