Date: Wed, 1 Oct 2014 19:34:04 -0400 From: Tom Pusateri <pusateri@bangj.com> To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de> Cc: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: UDP/IPv6 handling Message-ID: <2DA609BE-5704-463A-99BB-E64CB71931B2@bangj.com> In-Reply-To: <B30E0A41-51B0-442C-9476-0D9E99C0D37C@lurchi.franken.de> References: <B30E0A41-51B0-442C-9476-0D9E99C0D37C@lurchi.franken.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Lots of embedded devices (like Cisco IP Phones) send TFTP requests with 0 ch=
ecksums.=20
Tom
> On Oct 1, 2014, at 12:58 PM, Michael Tuexen <Michael.Tuexen@lurchi.franken=
.de> wrote:
>=20
> Dear all,
>=20
> in udp6_input() we have the following code:
>=20
> if (nxt =3D=3D IPPROTO_UDP && plen !=3D ulen) {
> UDPSTAT_INC(udps_badlen);
> goto badunlocked;
> }=20
> /*
> * Checksum extended UDP header and data.
> */
> if (uh->uh_sum =3D=3D 0) {
> if (ulen > plen || ulen < sizeof(struct udphdr)) {
> UDPSTAT_INC(udps_nosum);
> goto badunlocked;
> }
> }
>=20
> I'm trying to understand the UDP code path...
>=20
> So (ulen > plen) can't be true. I'm wondering why do we only check the ule=
n is not too
> short only in the case when the UDP checksum is zero. A zero checksum shou=
ld also never happen.
>=20
> I think we should check for ulen < sizeof(struct udphdr) in any case.
>=20
> Opinions?
>=20
> Best regards
> Michael
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2DA609BE-5704-463A-99BB-E64CB71931B2>