nrf802154: Validate frame length before dst filter#11191
nrf802154: Validate frame length before dst filter#11191bergzand wants to merge 4 commits intoRIOT-OS:masterfrom
Conversation
bergzand
added
Type: bug
miri64
left a comment
miri64
left a comment
There was a problem hiding this comment.
My opinion is that any incoming data should be checked for its length ;-). However, I'm not sure that your solution guarantees that.
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
Just some suggestions.
But I have a more basic question: Could this filtering go into /drivers/netdev_ieee802154?
| return false; | ||
| } | ||
| size_t expected_len = ieee802154_get_frame_hdr_len(&rxbuf[1]); | ||
| if (!expected_len) { |
There was a problem hiding this comment.
Could go into the last return.
Also, I'd prefer comparison with zero since its not a bool, but its fine to me if you like writing it this way.
There was a problem hiding this comment.
Agreed, I agree with your suggestion to compare with zero to increase readability. I'll also try to make the set of checks a bit more readable with some comments :)
ghost
added
Reviewed: 1-fundamentals
I think so, I have to check if I can simply extend the functions or have to change the API slightly. |
|
I discussed this with Martine before, and she mentioned, that rxbuf[0] or anything similar might not be available for other drivers. I think this could be investigated and the decision should be based on that. Anyway, just tested sending, obviously still works. I did not try to break it, because i had no idea how to easily send an invalid frame. |
ghost
added
the
Reviewed: 3-testing
|
@bergzand small reminder |
|
Hey, @bergzand do you still work on this PR? |
|
Hey @SemjonKerner, sorry for the delays. I don't really have time to work on this at the moment but I haven't forgotten about this PR. |
|
@SemjonKerner Thanks for the patience here. I've refactored this PR a bit to a generic data frame validation function called by the nrf802514 radio code. Let me know what you think. |
|
Oh, can you pls rebase. Throws some gcc changes that are fixed in master. |
bergzand
force-pushed
the
pr/nrf802154/recv_len_check
branch
from
e216a1f to
8e8b011
Compare
|
Rebased! |
ghost
added
Reviewed: 4-code-style
|
LGTM, but i can't test it today. I'd like to run it once, before merging. I guess it's alright for you to wait a few more days.? |
|
So, uhm.. I was just checking out this PR and started a udp server on my nrf52840dk. But I cannot receive packets from samr21-xpro to nrf52840dk. Sending from nrf52840dk to samr21-xpro works. So reception is somehow broken now. EDIT: On master everything is fine. |
ghost
left a comment
ghost
left a comment
There was a problem hiding this comment.
Please make sure the return values of the filter function are correct.
| (frame_len > expected_len) && | ||
| ((*mhr & IEEE802154_FCF_TYPE_MASK) == IEEE802154_FCF_TYPE_DATA) && | ||
| (netdev_ieee802154_dst_filter(dev, mhr) == 0)) { | ||
| return 0; |
There was a problem hiding this comment.
Okay, I think you mixed up the return values.
| const uint8_t *mhr, size_t frame_len) | ||
| { | ||
| if (frame_len < IEEE802154_FCF_LEN) { | ||
| return 1; |
There was a problem hiding this comment.
Shouldn't this be zero?
ae120c5#diff-864e98442504008c9fad4791703b0e35R144
|
ping @bergzand! :) |
|
Ping, also #16576 is touching this. |
|
This PR can likely be closed with the same argumentation as in #11150. |
|
@benpicco this one can be closed as well. |
5 participants
Contribution description
This PR adds a length check to the received frame. This prevents the destination filter check in the driver from reading beyond the received frame length. This increases the time spent in the receive part of the interrupt by 0.875µs (from 6.75µs to 7.625µs).
Also requesting a review from @miri64 and @haukepetersen as they probably also have an opinion on the additional check here.
Testing procedure
Basic receive validation should be enough.
Before this PR it should have been possible to trigger a netif receive operation on an incorrect frame after a valid frame was received.
Issues/PRs references
None