6lowpan: Change byte order when storing/accessing to len field

Lenght field should be encoded using big endian byte order, such as intend in the specs. As it is currently written, the len field would not be decoded properly on an implementation using the correct byte ordering. Hence, it could lead to interroperability issues. Also, I rewrote the code so that iphc0 argument of lowpan_alloc_new_frame could be removed. Signed-off-by: Tony Cheneau <tony.cheneau@amnesiak.org> Signed-off-by: David S. Miller <davem@davemloft.net>

6lowpan: Change byte order when storing/accessing to len field
Lenght field should be encoded using big endian byte order, such as intend in the specs. As it is currently written, the len field would not be decoded properly on an implementation using the correct byte ordering. Hence, it could lead to interroperability issues. Also, I rewrote the code so that iphc0 argument of lowpan_alloc_new_frame could be removed. Signed-off-by: Tony Cheneau <tony.cheneau@amnesiak.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Tony Cheneau · David S. Miller
1 parent 4576039ffc
Showing 1 changed file with 12 additions and 8 deletions Side-by-side Diff
net/ieee802154/6lowpan.c
@@ -645,7 +645,7 @@
 }
  
 static struct lowpan_fragment *
-lowpan_alloc_new_frame(struct sk_buff *skb, u8 iphc0, u8 len, u16 tag)
+lowpan_alloc_new_frame(struct sk_buff *skb, u8 len, u16 tag)
 {
 	struct lowpan_fragment *frame;
  
@@ -656,7 +656,7 @@
  
 	INIT_LIST_HEAD(&frame->list);
  
-	frame->length = (iphc0 & 7) | (len << 3);
+	frame->length = len;
 	frame->tag = tag;
  
 	/* allocate buffer for frame assembling */
  
  
@@ -714,14 +714,18 @@
 	case LOWPAN_DISPATCH_FRAGN:
 	{
 		struct lowpan_fragment *frame;
-		u8 len, offset;
-		u16 tag;
+		/* slen stores the rightmost 8 bits of the 11 bits length */
+		u8 slen, offset;
+		u16 len, tag;
 		bool found = false;
  
-		if (lowpan_fetch_skb_u8(skb, &len) || /* frame length */
+		if (lowpan_fetch_skb_u8(skb, &slen) || /* frame length */
 		    lowpan_fetch_skb_u16(skb, &tag))  /* fragment tag */
 			goto drop;
  
+		/* adds the 3 MSB to the 8 LSB to retrieve the 11 bits length */
+		len = ((iphc0 & 7) << 8) | slen;
+
 		/*
 		 * check if frame assembling with the same tag is
 		 * already in progress
@@ -736,7 +740,7 @@
  
 		/* alloc new frame structure */
 		if (!found) {
-			frame = lowpan_alloc_new_frame(skb, iphc0, len, tag);
+			frame = lowpan_alloc_new_frame(skb, len, tag);
 			if (!frame)
 				goto unlock_and_drop;
 		}
@@ -1004,8 +1008,8 @@
 	tag = fragment_tag++;
  
 	/* first fragment header */
-	head[0] = LOWPAN_DISPATCH_FRAG1 | (payload_length & 0x7);
-	head[1] = (payload_length >> 3) & 0xff;
+	head[0] = LOWPAN_DISPATCH_FRAG1 | ((payload_length >> 8) & 0x7);
+	head[1] = payload_length & 0xff;
 	head[2] = tag >> 8;
 	head[3] = tag & 0xff;
...	...	@@ -645,7 +645,7 @@
645	645	}
646	646
647	647	static struct lowpan_fragment *
648		-lowpan_alloc_new_frame(struct sk_buff *skb, u8 iphc0, u8 len, u16 tag)
	648	+lowpan_alloc_new_frame(struct sk_buff *skb, u8 len, u16 tag)
649	649	{
650	650	struct lowpan_fragment *frame;
651	651
...	...	@@ -656,7 +656,7 @@
656	656
657	657	INIT_LIST_HEAD(&frame->list);
658	658
659		- frame->length = (iphc0 & 7) \| (len << 3);
	659	+ frame->length = len;
660	660	frame->tag = tag;
661	661
662	662	/* allocate buffer for frame assembling */
663	663
664	664
...	...	@@ -714,14 +714,18 @@
714	714	case LOWPAN_DISPATCH_FRAGN:
715	715	{
716	716	struct lowpan_fragment *frame;
717		- u8 len, offset;
718		- u16 tag;
	717	+ /* slen stores the rightmost 8 bits of the 11 bits length */
	718	+ u8 slen, offset;
	719	+ u16 len, tag;
719	720	bool found = false;
720	721
721		- if (lowpan_fetch_skb_u8(skb, &len) \|\| /* frame length */
	722	+ if (lowpan_fetch_skb_u8(skb, &slen) \|\| /* frame length */
722	723	lowpan_fetch_skb_u16(skb, &tag)) /* fragment tag */
723	724	goto drop;
724	725
	726	+ /* adds the 3 MSB to the 8 LSB to retrieve the 11 bits length */
	727	+ len = ((iphc0 & 7) << 8) \| slen;
	728	+
725	729	/*
726	730	* check if frame assembling with the same tag is
727	731	* already in progress
...	...	@@ -736,7 +740,7 @@
736	740
737	741	/* alloc new frame structure */
738	742	if (!found) {
739		- frame = lowpan_alloc_new_frame(skb, iphc0, len, tag);
	743	+ frame = lowpan_alloc_new_frame(skb, len, tag);
740	744	if (!frame)
741	745	goto unlock_and_drop;
742	746	}
...	...	@@ -1004,8 +1008,8 @@
1004	1008	tag = fragment_tag++;
1005	1009
1006	1010	/* first fragment header */
1007		- head[0] = LOWPAN_DISPATCH_FRAG1 \| (payload_length & 0x7);
1008		- head[1] = (payload_length >> 3) & 0xff;
	1011	+ head[0] = LOWPAN_DISPATCH_FRAG1 \| ((payload_length >> 8) & 0x7);
	1012	+ head[1] = payload_length & 0xff;
1009	1013	head[2] = tag >> 8;
1010	1014	head[3] = tag & 0xff;
1011	1015