net/ipv4: check whether the length of the ipv4 option is correct #17917
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
Area: Networking
This patch adds validation for IPv4 option lengths during packet processing to prevent malformed packets from causing undefined behavior. The new ipv4_check_opt() function verifies that option lengths are within valid bounds before processing them. Signed-off-by: zhanghongyu <[email protected]>
zhhyu7
force-pushed
the
ipv4-option-length-check
branch
from
16cb415 to
5fe0ba4
Compare
xiaoxiang781216
approved these changes
Jan 15, 2026
acassis
approved these changes
Jan 15, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds validation for IPv4 option lengths during packet processing to prevent malformed packets from causing undefined behavior or potential security issues.
Problem
Currently, NuttX's IPv4 input processing does not validate the length field of IP options before processing them. This can lead to:
Solution
This patch introduces a new
ipv4_check_opt()function that validates IPv4 option lengths before processing. The function:CONFIG_DEBUG_FEATURESis enabledAdditionally, the header length check is improved to use the actual header length from the IP header instead of assuming the minimum length.
Changes
ipv4_check_opt()function to validate option lengthsImpact
Stability: Positive - Prevents potential crashes from malformed packets with invalid option lengths.
Security: Positive - Mitigates potential security issues from specially crafted packets.
Performance: Minimal - Validation only runs when
CONFIG_DEBUG_FEATURESis enabled.Compatibility: No breaking changes - Only adds additional validation.
Code Quality: Positive - Improves input validation and error handling.
Testing
Test Configuration
CONFIG_DEBUG_FEATURES=y,CONFIG_NET=y,CONFIG_NET_IPv4=yVerification Checklist
Code compiles without warnings
Normal IPv4 packets processed correctly
Malformed packets with invalid option lengths are detected and dropped
NOOP and END options handled correctly
No regression in existing functionality
Statistics properly updated on error
Debug output provides useful information