Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Reinforce this area, make sure the length field...
details: https://anonhg.NetBSD.org/src/rev/34d24bd56dc7
branches: trunk
changeset: 830122:34d24bd56dc7
user: maxv <maxv%NetBSD.org@localhost>
date: Mon Feb 26 06:40:08 2018 +0000
description:
Reinforce this area, make sure the length field fits the option. Normally
it always does because the options were already sanitized earlier.
diffstat:
sys/netipsec/xform_ah.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diffs (37 lines):
diff -r ee79c8d86a46 -r 34d24bd56dc7 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Mon Feb 26 06:34:39 2018 +0000
+++ b/sys/netipsec/xform_ah.c Mon Feb 26 06:40:08 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.86 2018/02/16 09:24:55 maxv Exp $ */
+/* $NetBSD: xform_ah.c,v 1.87 2018/02/26 06:40:08 maxv Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.86 2018/02/16 09:24:55 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.87 2018/02/26 06:40:08 maxv Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -505,6 +505,9 @@
continue;
}
+ if (count + 1 >= noff) {
+ goto error6;
+ }
ad = ptr[count + 1] + 2;
if (count + ad > noff) {
@@ -532,7 +535,7 @@
* Always include routing headers in
* computation.
*/
- ip6e = (struct ip6_ext *) (ptr + off);
+ ip6e = (struct ip6_ext *)(ptr + off);
rh = (struct ip6_rthdr *)(ptr + off);
/*
* must adjust content to make it look like
Home |
Main Index |
Thread Index |
Old Index