Source-Changes-HG archive


[src/trunk]: src/sys/netinet6 Fix the check on 'maxlen', we are not creating ...



details:   https://anonhg.NetBSD.org/src/rev/dea405a09702
branches:  trunk
changeset: 829241:dea405a09702
user:      maxv <maxv%NetBSD.org@localhost>
date:      Tue Jan 23 10:46:59 2018 +0000

description:
Fix the check on 'maxlen', we are not creating struct icmp6_hdr but
struct nd_redirect (which is bigger). Also, make sure we can add a
struct nd_opt_rd_hdr.

Normally this doesn't change anything, since the mbuf has IPV6_MMTU
bytes, and it's always way bigger than what we need.

diffstat:

 sys/netinet6/icmp6.c |  11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diffs (40 lines):

diff -r 9ffcc3bd7d00 -r dea405a09702 sys/netinet6/icmp6.c
--- a/sys/netinet6/icmp6.c      Tue Jan 23 10:32:50 2018 +0000
+++ b/sys/netinet6/icmp6.c      Tue Jan 23 10:46:59 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: icmp6.c,v 1.217 2018/01/23 10:32:50 maxv Exp $ */
+/*     $NetBSD: icmp6.c,v 1.218 2018/01/23 10:46:59 maxv Exp $ */
 /*     $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.217 2018/01/23 10:32:50 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.218 2018/01/23 10:46:59 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2544,8 +2544,9 @@
        m->m_len = 0;
        maxlen = M_TRAILINGSPACE(m);
        maxlen = min(IPV6_MMTU, maxlen);
+
        /* just for safety */
-       if (maxlen < sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) +
+       if (maxlen < sizeof(struct ip6_hdr) + sizeof(struct nd_redirect) +
            ((sizeof(struct nd_opt_hdr) + ifp->if_addrlen + 7) & ~7)) {
                goto fail;
        }
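
Review bot: The "just for safety" comment above the rewritten 'maxlen' test does not say what the bound is made of, and the previous version of this line summed the wrong structure. Suggest documenting the three terms in the comment: the IPv6 header, struct nd_redirect, and one link-layer address option (struct nd_opt_hdr plus ifp->if_addrlen, rounded up to a multiple of 8). Also note that the right-hand side is a size_t expression; the declaration of 'maxlen' is outside this hunk, so it is worth confirming it is unsigned or known to be non-negative after M_TRAILINGSPACE(m), otherwise the comparison is done after an implicit conversion. The blank line added before the comment is an unrelated whitespace change.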
@@ -2666,6 +2667,10 @@
                len = maxlen - (p - (u_char *)ip6);
                len &= ~7;
 
+               if (len < sizeof(*nd_opt_rh)) {
+                       goto noredhdropt;
+               }
+
                /*
                 * Redirected header option spec (RFC2461 4.6.3) talks nothing
                 * about padding/truncate rule for the original IP packet.
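
Review bot: The added 'len < sizeof(*nd_opt_rh)' test only helps when 'maxlen - (p - (u_char *)ip6)' is non-negative. If 'p' has already advanced past 'maxlen' bytes from 'ip6', the subtraction either wraps (unsigned 'len') or yields a negative value that is converted to a large size_t for the comparison (signed 'len'); in both cases the test is false and the option is still built. The declaration of 'len' is outside this hunk, so this cannot be ruled out from the visible lines. Suggest checking the offset against 'maxlen' before subtracting, for example going to 'noredhdropt' when (p - (u_char *)ip6) + sizeof(*nd_opt_rh) exceeds 'maxlen', and adding a one-line comment saying the check guarantees room for the struct nd_opt_rd_hdr itself.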


