Fixes finding from static analyzers #81

Merged
gasbytes merged 17 commits into wolfSSL:master from danielinux:fixes-2026-03-16
Mar 16, 2026

@danielinux
Member

F/782 - TCP data delivered in FIN_WAIT_1 and FIN_WAIT_2 (c01d51f)
F/779 - ESP anti-replay window updates fixed for advanced hi_seq handling (fd082b3)
F/783 - SYN-ACK advertised window no longer incorrectly scaled (00ce5fc)
F/784 - Fragmented IPv4 packets dropped before upper-layer dispatch (ffb252c)
F/790 - DF bit set on outgoing TCP packets (165d1c3)
F/786 - Out-of-window TCP segments rejected before processing (f478a09)
F/787 - ICMP echo replies reset TTL to a fresh value (c0e35f8)
F/788 - ICMP echo requests to broadcast or multicast addresses no longer answered (11e421b)
F/780 - Dead SEQ_DIFF macro removed (3e89537)
F/789 - ESP padding validated during unwrap (5e271ef)
F/791 - ESP wrap rejects IP lengths shorter than the IPv4 header (4d0cf30)
F/781 - MAX_TIMERS macro parenthesized (df6393d)
F/792 - esp_rfc4106_salt macro parenthesized (5067fae)
F/785 - Initial TCP congestion window capped to min(10*SMSS, rwnd/2) (6ab4168)
coverity CID 1686341 - recvmsg scatter path guarded on positive length (12ac0a9)
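
An added illustration of the out-of-window rejection listed as F/786, not code from this PR or from wolfIP: the segment acceptability test from RFC 9293 (section 3.4) written with modulo-2^32 arithmetic so it stays correct across sequence-number wrap. The function names and the sample values in `main` are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* True when seq lies in [lo, lo + len) under modulo-2^32 arithmetic. */
static int seq_in_window(uint32_t seq, uint32_t lo, uint32_t len)
{
    return (uint32_t)(seq - lo) < len;
}

/* RFC 9293 acceptability test. seg_len counts payload bytes plus SYN/FIN.
 * Hypothetical helper, not the function added by the PR. */
int seg_acceptable(uint32_t rcv_nxt, uint32_t rcv_wnd,
                   uint32_t seg_seq, uint32_t seg_len)
{
    if (seg_len == 0) {
        if (rcv_wnd == 0)
            return seg_seq == rcv_nxt;      /* only an exact match */
        return seq_in_window(seg_seq, rcv_nxt, rcv_wnd);
    }
    if (rcv_wnd == 0)
        return 0;                           /* no data while window is closed */
    /* Accept when the first or the last byte falls inside the window. */
    return seq_in_window(seg_seq, rcv_nxt, rcv_wnd) ||
           seq_in_window(seg_seq + seg_len - 1, rcv_nxt, rcv_wnd);
}

int main(void)
{
    /* Constructed sample: RCV.NXT just below the 32-bit wrap, 1000-byte window. */
    uint32_t nxt = 0xFFFFFF00u, wnd = 1000;

    printf("in window after wrap : %d\n", seg_acceptable(nxt, wnd, 0x10u, 100));
    printf("overlapping retransmit: %d\n", seg_acceptable(nxt, wnd, nxt - 50, 100));
    printf("entirely old          : %d\n", seg_acceptable(nxt, wnd, nxt - 50, 50));
    printf("beyond right edge     : %d\n", seg_acceptable(nxt, wnd, nxt + 1000, 10));
    return 0;
}
```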

Copilot AI review requested due to automatic review settings March 16, 2026 10:30
Contributor

Copilot AI left a comment

Pull request overview

This PR fixes multiple issues found by static analyzers and hardens the wolfIP TCP/IP and ESP stack across several areas: TCP window handling, ICMP security, ESP replay/padding validation, and IP fragment handling.

Changes:

  • TCP fixes: out-of-window segment rejection, data delivery in FIN_WAIT states, SYN-ACK window scaling, DF bit on outgoing packets, initial cwnd capping
  • Security hardening: ICMP broadcast/multicast echo suppression, ESP padding validation, ESP replay window fix, IP fragment drop, ESP wrap input validation
  • Minor cleanups: dead macro removal, macro parenthesization, recvmsg guard on positive length

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
|------|-------------|
| src/wolfip.c | TCP segment acceptability check, FIN_WAIT data delivery, SYN-ACK unscaled window, DF bit, fragment drop, ICMP hardening, cwnd cap, macro fixes |
| src/wolfesp.c | ESP replay bitmap fix, padding validation, wrap input guard, macro parenthesization |
| src/test/unit/unit.c | Tests for all wolfip.c changes |
| src/test/unit/unit_esp.c | Tests for ESP replay, padding, and wrap changes |
| src/port/posix/bsd_socket.c | Guard recvmsg scatter path on positive length and non-null buf |


Contributor

Copilot AI left a comment

Pull request overview

This PR fixes multiple issues identified by static analyzers and improves TCP, ICMP, ESP, and IP handling in the wolfIP embedded network stack.

Changes:

  • Hardens TCP processing: out-of-window segment rejection, FIN_WAIT data delivery, unscaled SYN-ACK window, DF bit on outgoing TCP, initial cwnd capping per RFC 6928
  • Fixes ICMP/IP edge cases: broadcast/multicast ping suppression, TTL reset on echo reply, fragment drop before dispatch, directed broadcast detection
  • ESP improvements: anti-replay window fix for hi_seq duplicates, padding validation on unwrap, macro parenthesization, short IP length rejection

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

| File | Description |
|------|-------------|
| src/wolfip.c | Replaces IS_IP_BCAST/IS_IP_MCAST macros with proper functions supporting directed broadcast; adds tcp_segment_acceptable, fragment drop, DF bit, FIN_WAIT data delivery, SYN-ACK window scale fix, ICMP broadcast/TTL fixes, cwnd cap, removes dead SEQ_DIFF macro, parenthesizes MAX_TIMERS |
| src/wolfesp.c | Fixes anti-replay bitmap to mark hi_seq as seen, validates ESP padding, rejects short IP lengths in wrap, parenthesizes esp_rfc4106_salt macro |
| src/test/unit/unit.c | Comprehensive tests for all wolfip.c changes |
| src/test/unit/unit_esp.c | Tests for replay duplicate rejection, padding validation, short IP wrap rejection |
| src/port/posix/bsd_socket.c | Guards recvmsg scatter path on positive length and non-null buffer (Coverity fix) |


gasbytes merged commit b6faf70 into wolfSSL:master Mar 16, 2026
24 checks passed
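
An added example of the anti-replay behaviour the reviews summarize (the bitmap marking hi_seq as seen, so a duplicate of the highest sequence number is dropped). It is a generic RFC 4303-style sliding window without extended sequence numbers, not the code in src/wolfesp.c. The struct, the function name, the 32-packet window size and the arrival order in `main` are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u   /* window size in packets (assumed for the example) */

/* Hypothetical per-SA receiver state; not wolfIP's structure. */
struct replay_state {
    uint32_t hi_seq;   /* highest sequence number accepted so far */
    uint32_t bitmap;   /* bit i set => sequence (hi_seq - i) was seen */
};

/* Returns 0 and records seq when fresh; -1 when seq is zero, older than the
 * window, or already seen. Call only after the ICV has been verified. */
int replay_check_update(struct replay_state *st, uint32_t seq)
{
    uint32_t diff;

    if (seq == 0)
        return -1;
    if (seq > st->hi_seq) {                 /* window advances */
        diff = seq - st->hi_seq;
        st->bitmap = (diff >= REPLAY_WINDOW) ? 0 : (st->bitmap << diff);
        st->bitmap |= 1u;                   /* mark the new hi_seq as seen */
        st->hi_seq = seq;
        return 0;
    }
    diff = st->hi_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return -1;                          /* left of the window */
    if (st->bitmap & (1u << diff))
        return -1;                          /* duplicate */
    st->bitmap |= 1u << diff;
    return 0;
}

int main(void)
{
    /* Constructed arrival order: 5 and 3 each arrive twice. */
    static const uint32_t seqs[] = { 1, 5, 5, 3, 3, 100, 68, 69 };
    struct replay_state st = { 0, 0 };
    size_t i;

    for (i = 0; i < sizeof(seqs) / sizeof(seqs[0]); i++)
        printf("seq %u -> %s\n", (unsigned)seqs[i],
               replay_check_update(&st, seqs[i]) == 0 ? "accept" : "drop");
    return 0;
}
```

In this example, removing the `st->bitmap |= 1u` line leaves bit 0 clear after the window advances, so a second copy of the highest sequence number would pass the duplicate test.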