Posted to commits@nuttx.apache.org by pk...@apache.org on 2022/07/26 09:05:12 UTC

[incubator-nuttx] branch master updated: tcp: check option length before d_len update

This is an automated email from the ASF dual-hosted git repository.

pkarashchenko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-nuttx.git


The following commit(s) were added to refs/heads/master by this push:
     new ef660083c8 tcp: check option length before d_len update
ef660083c8 is described below

commit ef660083c8ed7c1a78ca856a567b9bc2b4d227d2
Author: zhanghongyu <zh...@xiaomi.com>
AuthorDate: Fri Jul 15 17:10:37 2022 +0800

    tcp: check option length before d_len update
    
    Signed-off-by: zhanghongyu <zh...@xiaomi.com>
---
 net/tcp/tcp_input.c | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/net/tcp/tcp_input.c b/net/tcp/tcp_input.c
index b48e40b250..f51c17a4cf 100644
--- a/net/tcp/tcp_input.c
+++ b/net/tcp/tcp_input.c
@@ -622,24 +622,23 @@ found:
 
   len = (tcp->tcpoffset >> 4) << 2;
 
-  /* d_len will contain the length of the actual TCP data. This is
-   * calculated by subtracting the length of the TCP header (in
-   * len) and the length of the IP header.
-   */
-
-  dev->d_len -= (len + iplen);
-
   /* d_appdata should remove the tcp specific option field. */
 
   if ((tcp->tcpoffset & 0xf0) > 0x50)
     {
-      len = ((tcp->tcpoffset >> 4) - 5) << 2;
       if (dev->d_len >= len)
         {
-          dev->d_appdata += len;
+          dev->d_appdata += len - TCP_HDRLEN;
         }
     }
 
+  /* d_len will contain the length of the actual TCP data. This is
+   * calculated by subtracting the length of the TCP header (in
+   * len) and the length of the IP header.
+   */
+
+  dev->d_len -= (len + iplen);
+
   /* Check if the sequence number of the incoming packet is what we are
    * expecting next.  If not, we send out an ACK with the correct numbers
    * in, unless we are in the SYN_RCVD state and receive a SYN, in which
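
Review bot: the `if (dev->d_len >= len)` check guards only the `d_appdata` adjustment, while the relocated `dev->d_len -= (len + iplen);` below it still runs unconditionally. A segment whose data offset claims more header than the packet holds therefore skips the pointer advance but still pushes d_len below zero (or wraps it, if d_len is unsigned), and later code would see a bogus payload length. The comparison also omits iplen even though, per the moved comment, d_len still includes the IP header at this point, so it passes for any d_len between len and len + iplen. Suggest validating `dev->d_len >= len + iplen` once, before either update, and dropping the segment when it fails instead of falling through. That check should sit outside the `(tcp->tcpoffset & 0xf0) > 0x50` branch so it also covers the no-options case and a data offset below 5, which this branch never sees. The commit message would also benefit from a sentence on what input triggers the problem.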