Eitan Adler
2014-02-07 01:11:41 UTC
The following bug was recently fixed in DragonFlyBSD and FreeBSD. A
similar patch is awaiting approval for OpenBSD.
libc/net: Fix issue in inet6_opt_init() (from RFC 3542):
* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL
is passed.
* While here make the code more similar to the other BSDs.
Obtained by: DragonFlyBSD
Index: ip6opt.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/ip6opt.c,v
retrieving revision 1.14
diff -u -r1.14 ip6opt.c
--- ip6opt.c 20 Mar 2012 17:44:18 -0000 1.14
+++ ip6opt.c 7 Feb 2014 01:09:44 -0000
@@ -442,11 +442,8 @@
{
struct ip6_ext *ext = (struct ip6_ext *)extbuf;
- if (extlen % 8)
- return (-1);
-
if (ext) {
- if (extlen == 0)
+ if (extlen <= 0 || (extlen % 8))
return (-1);
ext->ip6e_len = (extlen >> 3) - 1;
}
similar patch is awaiting approval for OpenBSD.
libc/net: Fix issue in inet6_opt_init() (from RFC 3542):
* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL
is passed.
* While here make the code more similar to the other BSDs.
Obtained by: DragonFlyBSD
Index: ip6opt.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/ip6opt.c,v
retrieving revision 1.14
diff -u -r1.14 ip6opt.c
--- ip6opt.c 20 Mar 2012 17:44:18 -0000 1.14
+++ ip6opt.c 7 Feb 2014 01:09:44 -0000
@@ -442,11 +442,8 @@
{
struct ip6_ext *ext = (struct ip6_ext *)extbuf;
- if (extlen % 8)
- return (-1);
-
if (ext) {
- if (extlen == 0)
+ if (extlen <= 0 || (extlen % 8))
return (-1);
ext->ip6e_len = (extlen >> 3) - 1;
}
--
Eitan Adler
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Eitan Adler
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de