From bc2026689be005a2ad50810671be4197bb10a358 Mon Sep 17 00:00:00 2001
From: Glen Gibb <grg@stanford.edu>
Date: Tue, 10 Nov 2009 13:39:56 -0800
Subject: [PATCH] Safety checks for ARP packets

Verify that ARP packets are for IP and that the protocol length is 4
before extracting source/destination IP addresses.
---
 lib/flow.c    | 6 ++++--
 lib/packets.h | 2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/flow.c b/lib/flow.c
index 4007f27..62cd108 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -211,8 +211,10 @@ flow_extract(struct ofpbuf *packet, uint16_t in_port, struct flow *flow)
         } else if (flow->dl_type == htons(ETH_TYPE_ARP)) {
             const struct arp_eth_header *arp = pull_arp(&b);
             if (arp) {
-                flow->nw_src = arp->ar_spa;
-                flow->nw_dst = arp->ar_tpa;
+                if (arp->ar_pro == htons(ARP_PRO_IP) && arp->ar_pln == IP_ADDR_LEN) {
+                    flow->nw_src = arp->ar_spa;
+                    flow->nw_dst = arp->ar_tpa;
+                }
                 flow->nw_proto = ntohs(arp->ar_op) && 0xff;
             }
         }
diff --git a/lib/packets.h b/lib/packets.h
index c451a1c..fed105d 100644
--- a/lib/packets.h
+++ b/lib/packets.h
@@ -200,6 +200,8 @@ BUILD_ASSERT_DECL(VLAN_ETH_HEADER_LEN == sizeof(struct vlan_eth_header));
 #define IP_IS_FRAGMENT(ip_frag_off) \
         ((ip_frag_off) & htons(IP_MORE_FRAGMENTS | IP_FRAG_OFF_MASK))
 
+#define IP_ADDR_LEN 4
+
 #define IP_HEADER_LEN 20
 struct ip_header {
     uint8_t ip_ihl_ver;