CVS commit: src/sys/netipsec

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/netipsec
From: "Matthias Drochner" <drochner%netbsd.org@localhost>
Date: Mon, 21 Feb 2011 22:54:45 +0000

Module Name:    src
Committed By:   drochner
Date:           Mon Feb 21 22:54:45 UTC 2011

Modified Files:
        src/sys/netipsec: ipsec_input.c

Log Message:
adopt a fix from OpenBSD: when scanning the IPv6 header chain, take
into account that the extension header type is not in the extension
header itself but in the previous one -- this makes a difference
because (a) the length field is different for AH than for all others
and (b) the offset of the "next type" field isn't the same in primary
and extension headers.
(I didn't manage to trigger the bug in my tests, no extension headers
besides AH made it to that point. Didn't try hard enough -- the fix
is still valid.)


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/sys/netipsec/ipsec_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/sys/netipsec
Next by Date: CVS commit: src/sys/kern
Previous by Thread: CVS commit: src/sys/netipsec
Next by Thread: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index