Source-Changes-HG archive


[src/netbsd-1-5]: src/sys/netinet6 Pullup 1.33 [itojun]:



details:   https://anonhg.NetBSD.org/src/rev/6d6e5ac0164f
branches:  netbsd-1-5
changeset: 489757:6d6e5ac0164f
user:      tv <tv%NetBSD.org@localhost>
date:      Tue Oct 17 00:48:51 2000 +0000

description:
Pullup 1.33 [itojun]:
validate mbuf chain length on *_ctlinput.  remote node may be able to
transmit a truncated icmp6 packet and panic the system.  sync with kame.

diffstat:

 sys/netinet6/udp6_usrreq.c |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (20 lines):

diff -r e70a69e7ff3f -r 6d6e5ac0164f sys/netinet6/udp6_usrreq.c
--- a/sys/netinet6/udp6_usrreq.c        Tue Oct 17 00:48:30 2000 +0000
+++ b/sys/netinet6/udp6_usrreq.c        Tue Oct 17 00:48:51 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: udp6_usrreq.c,v 1.30 2000/06/08 13:51:34 itojun Exp $  */
+/*     $NetBSD: udp6_usrreq.c,v 1.30.2.1 2000/10/17 00:48:51 tv Exp $  */
 /*     $KAME: udp6_usrreq.c,v 1.52 2000/06/05 00:41:58 itojun Exp $    */
 
 /*
@@ -528,6 +528,10 @@
                if (IN6_IS_ADDR_LINKLOCAL(&s))
                        s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
 
+               /* check if we can safely examine src and dst ports */
+               if (m->m_pkthdr.len < off + sizeof(uh))
+                       return;
+
                if (m->m_len < off + sizeof(uh)) {
                        /*
                         * this should be rare case,
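Review bot: the new `m->m_pkthdr.len < off + sizeof(uh)` test bails out with a bare `return`, so a truncated ICMPv6 payload is discarded with no counter or diagnostic. Since the commit message describes the input as something a remote node can send, consider bumping a statistic before the `return` so such packets are visible to operators. The comment mentions only the src and dst ports while the test requires all of `uh`, the same bound as the `m->m_len` test below it; rewording the comment to say the full header must be present would match what the code enforces. Because `sizeof` makes the right-hand side unsigned, it is also worth confirming that `off` can never be negative on this path, which is not visible in this hunk.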


