[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] Use of LWIP_ERROR in dhcp.c
From: |
Craig McQueen |
Subject: |
[lwip-devel] Use of LWIP_ERROR in dhcp.c |
Date: |
Thu, 7 Feb 2019 05:05:17 +0000 |
I see in dhcp.c, there is use of LWIP_ERROR when checking values in the DHCP
message from the server. Eg in dhcp_parse_reply():
LWIP_ERROR("len == 4", len == 4, return ERR_VAL;);
But LWIP_ERROR() is equivalent to an assert(), and will cause an infinite loop
(and probably watchdog reset). So LWIP_ERROR() isn't suitable to use when
parsing protocol data, is it? Otherwise, an attacker could cause a system reset
by sending malformed data to the device.
--
Craig McQueen
- [lwip-devel] Use of LWIP_ERROR in dhcp.c,
Craig McQueen <=