Fix missing check for IPv6 version field in header

tony-josi-aws · tony-josi-aws · commit 4f4adb382923 · 2025-08-27T18:55:24.000+05:30
diff --git a/source/FreeRTOS_IPv6.c b/source/FreeRTOS_IPv6.c
@@ -93,7 +93,6 @@ const struct xIPv6_Address FreeRTOS_in6addr_loopback = { { 0U, 0U, 0U, 0U, 0U, 0
                                             size_t uxBufferLength )
     {
         BaseType_t xResult = pdFAIL;
-        uint16_t ucVersionTrafficClass;
         uint16_t usPayloadLength;
         uint8_t ucNextHeader;
         size_t uxMinimumLength;
@@ -116,15 +115,6 @@ const struct xIPv6_Address FreeRTOS_in6addr_loopback = { { 0U, 0U, 0U, 0U, 0U, 0
                 break;
             }
 
-            ucVersionTrafficClass = pxIPv6Packet->xIPHeader.ucVersionTrafficClass;
-
-            /* Test if the IP-version is 6. */
-            if( ( ( ucVersionTrafficClass & ( uint8_t ) 0xF0U ) >> 4 ) != 6U )
-            {
-                DEBUG_SET_TRACE_VARIABLE( xLocation, 2 );
-                break;
-            }
-
             /* Check if the IPv6-header is transferred. */
             if( uxBufferLength < ( ipSIZE_OF_ETH_HEADER + ipSIZE_OF_IPv6_HEADER ) )
             {
@@ -497,6 +487,7 @@ eFrameProcessingResult_t prvAllowIPPacketIPv6( const IPHeader_IPv6_t * const pxI
         const IPv6_Address_t * pxDestinationIPAddress = &( pxIPv6Header->xDestinationAddress );
         const IPv6_Address_t * pxSourceIPAddress = &( pxIPv6Header->xSourceAddress );
         BaseType_t xHasUnspecifiedAddress = pdFALSE;
+        uint16_t ucVersionTrafficClass = pxIPv6Header->ucVersionTrafficClass;
 
         /* Drop if packet has unspecified IPv6 address (defined in RFC4291 - sec 2.5.2)
          * either in source or destination address. */
@@ -506,8 +497,15 @@ eFrameProcessingResult_t prvAllowIPPacketIPv6( const IPHeader_IPv6_t * const pxI
             xHasUnspecifiedAddress = pdTRUE;
         }
 
+        /* Test if the IP-version is 6. */
+        if( ( ( ucVersionTrafficClass & ( uint8_t ) 0xF0U ) >> 4 ) != 6U )
+        {
+            /* Can not handle, unknown or invalid header version. */
+            eReturn = eReleaseBuffer;
+            FreeRTOS_printf( ( "prvAllowIPPacketIPv6: drop packet, invalid header version: %u\n", ( ucVersionTrafficClass & ( uint8_t ) 0xF0U ) >> 4 ) );
+        }
         /* Is the packet for this IP address? */
-        if( ( xHasUnspecifiedAddress == pdFALSE ) &&
+        else if( ( xHasUnspecifiedAddress == pdFALSE ) &&
             ( pxNetworkBuffer->pxEndPoint != NULL ) &&
             ( memcmp( pxDestinationIPAddress->ucBytes, pxNetworkBuffer->pxEndPoint->ipv6_settings.xIPAddress.ucBytes, sizeof( IPv6_Address_t ) ) == 0 ) )
         {
diff --git a/test/unit-test/FreeRTOS_IPv6/FreeRTOS_IPv6_utest.c b/test/unit-test/FreeRTOS_IPv6/FreeRTOS_IPv6_utest.c
@@ -68,6 +68,7 @@ void test_prvAllowIPPacketIPv6_SourceUnspecifiedAddress()
     memset( &xIPv6Address, 0, sizeof( xIPv6Address ) );
     memcpy( xIPv6Address.xDestinationAddress.ucBytes, xIPAddressFive.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
     memcpy( xIPv6Address.xSourceAddress.ucBytes, FreeRTOS_in6addr_any.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
+    xIPv6Address.ucVersionTrafficClass = 0x60U;
 
     eResult = prvAllowIPPacketIPv6( &xIPv6Address, NULL, 0U );
     TEST_ASSERT_EQUAL( eReleaseBuffer, eResult );
@@ -85,7 +86,8 @@ void test_prvAllowIPPacketIPv6_DestinationUnspecifiedAddress()
     memset( &xIPv6Address, 0, sizeof( xIPv6Address ) );
     memcpy( xIPv6Address.xDestinationAddress.ucBytes, FreeRTOS_in6addr_any.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
     memcpy( xIPv6Address.xSourceAddress.ucBytes, xIPAddressFive.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
-
+    xIPv6Address.ucVersionTrafficClass = 0x60U;
+    
     eResult = prvAllowIPPacketIPv6( &xIPv6Address, NULL, 0U );
     TEST_ASSERT_EQUAL( eReleaseBuffer, eResult );
 }
@@ -100,6 +102,8 @@ void test_prvAllowIPPacketIPv6_HappyPath()
     NetworkBufferDescriptor_t * pxNetworkBuffer = prvInitializeNetworkDescriptor();
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnMAC_ExpectAndReturn( &pxTCPPacket->xEthernetHeader.xSourceAddress, NULL, NULL );
     usGenerateProtocolChecksum_ExpectAndReturn( pxNetworkBuffer->pucEthernetBuffer, pxNetworkBuffer->xDataLength, pdFALSE, ipCORRECT_CRC );
 
@@ -118,6 +122,7 @@ void test_prvAllowIPPacketIPv6_MulticastAddress()
     /* Multicast IPv6 address is FF02::1 */
     IPv6_Address_t xMCIPAddress = { 0xFF, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
     memcpy( pxTCPPacket->xIPHeader.xDestinationAddress.ucBytes, xMCIPAddress.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
 
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &( pxTCPPacket->xIPHeader.xSourceAddress ), pxNetworkBuffer->pxEndPoint );
@@ -139,6 +144,7 @@ void test_prvAllowIPPacketIPv6_LoopbackAddress()
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
     NetworkEndPoint_t xEndPoint;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
     memcpy( pxTCPPacket->xIPHeader.xSourceAddress.ucBytes, FreeRTOS_in6addr_loopback.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
     memcpy( pxTCPPacket->xIPHeader.xDestinationAddress.ucBytes, FreeRTOS_in6addr_loopback.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
 
@@ -163,6 +169,7 @@ void test_prvAllowIPPacketIPv6_LoopbackNotMatchDest()
     NetworkBufferDescriptor_t * pxNetworkBuffer = prvInitializeNetworkDescriptor();
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
     pxTCPPacket->xIPHeader.xDestinationAddress.ucBytes[ 15 ] = 0x11;
 
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &pxTCPPacket->xIPHeader.xSourceAddress, pxNetworkBuffer->pxEndPoint );
@@ -185,6 +192,7 @@ void test_prvAllowIPPacketIPv6_LoopbackNotMatchSrc()
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
     NetworkEndPoint_t xEndPoint;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
     memcpy( pxTCPPacket->xIPHeader.xDestinationAddress.ucBytes, FreeRTOS_in6addr_loopback.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
 
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &pxTCPPacket->xIPHeader.xSourceAddress, &xEndPoint );
@@ -206,6 +214,8 @@ void test_prvAllowIPPacketIPv6_NetworkDown()
 
     pxNetworkBuffer->pxEndPoint = NULL;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &pxTCPPacket->xIPHeader.xSourceAddress, NULL );
     FreeRTOS_IsNetworkUp_IgnoreAndReturn( 0 );
     FreeRTOS_FindEndPointOnMAC_ExpectAndReturn( &pxTCPPacket->xEthernetHeader.xSourceAddress, NULL, NULL );
@@ -225,6 +235,8 @@ void test_prvAllowIPPacketIPv6_SelfSend()
     NetworkBufferDescriptor_t * pxNetworkBuffer = prvInitializeNetworkDescriptor();
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnMAC_ExpectAndReturn( &pxTCPPacket->xEthernetHeader.xSourceAddress, NULL, pxNetworkBuffer->pxEndPoint );
 
     eResult = prvAllowIPPacketIPv6( &pxTCPPacket->xIPHeader, pxNetworkBuffer, 0U );
@@ -241,6 +253,8 @@ void test_prvAllowIPPacketIPv6_ChecksumError()
     NetworkBufferDescriptor_t * pxNetworkBuffer = prvInitializeNetworkDescriptor();
     TCPPacket_IPv6_t * pxTCPPacket = ( TCPPacket_IPv6_t * ) pxNetworkBuffer->pucEthernetBuffer;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnMAC_ExpectAndReturn( &pxTCPPacket->xEthernetHeader.xSourceAddress, NULL, NULL );
     usGenerateProtocolChecksum_ExpectAndReturn( pxNetworkBuffer->pucEthernetBuffer, pxNetworkBuffer->xDataLength, pdFALSE, ipWRONG_CRC );
 
@@ -260,6 +274,8 @@ void test_prvAllowIPPacketIPv6_InvalidPacket()
 
     pxNetworkBuffer->pxEndPoint = NULL;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &pxTCPPacket->xIPHeader.xSourceAddress, NULL );
     FreeRTOS_IsNetworkUp_IgnoreAndReturn( 1 );
 
@@ -285,6 +301,8 @@ void test_prvAllowIPPacketIPv6_EndpointDifferentAddress()
     memcpy( xEndpoint.ipv6_settings.xIPAddress.ucBytes, xDiffIPAddress.ucBytes, ipSIZE_OF_IPv6_ADDRESS );
     pxNetworkBuffer->pxEndPoint = &xEndpoint;
 
+    pxTCPPacket->xIPHeader.ucVersionTrafficClass = 0x60U;
+
     FreeRTOS_FindEndPointOnIP_IPv6_ExpectAndReturn( &( pxTCPPacket->xIPHeader.xSourceAddress ), NULL );
     FreeRTOS_IsNetworkUp_IgnoreAndReturn( 1 );
 
diff --git a/test/unit-test/FreeRTOS_ND/FreeRTOS_ND_utest.c b/test/unit-test/FreeRTOS_ND/FreeRTOS_ND_utest.c
@@ -1234,6 +1234,28 @@ void test_prvProcessICMPMessage_IPv6_EP( void )
     TEST_ASSERT_EQUAL( eReturn, eReleaseBuffer );
 }
 
+/**
+ * @brief This function process ICMP message when message has size
+ *        less than ICMPv6 header size
+ */
+void test_prvProcessICMPMessage_IPv6_PacketSizeBelowHeaderSize( void )
+{
+    NetworkBufferDescriptor_t xNetworkBuffer, * pxNetworkBuffer = &xNetworkBuffer;
+    ICMPPacket_IPv6_t xICMPPacket;
+    NetworkEndPoint_t xEndPoint;
+    eFrameProcessingResult_t eReturn;
+
+    xEndPoint.bits.bIPv6 = pdTRUE_UNSIGNED;
+    xICMPPacket.xICMPHeaderIPv6.ucTypeOfMessage = ipICMP_DEST_UNREACHABLE_IPv6;
+    pxNetworkBuffer->pxEndPoint = &xEndPoint;
+    pxNetworkBuffer->pucEthernetBuffer = ( uint8_t * ) &xICMPPacket;
+    pxNetworkBuffer->xDataLength = ipSIZE_OF_ETH_HEADER + ipSIZE_OF_IPv6_HEADER + 2U;
+
+    eReturn = prvProcessICMPMessage_IPv6( pxNetworkBuffer );
+
+    TEST_ASSERT_EQUAL( eReturn, eReleaseBuffer );
+}
+
 /**
  * @brief This function process ICMP message when message type is
  *        ipICMP_DEST_UNREACHABLE_IPv6.
