[src/trunk]: src/sys/netinet6 Fix the calculation of the ICMP6 error pointer....

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/62c2d678261a
branches:  trunk
changeset: 358947:62c2d678261a
user:      maxv <maxv%NetBSD.org@localhost>
date:      Tue Jan 23 15:13:56 2018 +0000

description:
Fix the calculation of the ICMP6 error pointer. It is not correct to use

        pointer = opt - mtod(m, u_int8_t *)

because m may have gone through m_pulldown, and it is possible that
m->m_data is no longer the beginning of the packet.

diffstat:

 sys/netinet6/dest6.c |  16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diffs (51 lines):

diff -r 9c7d9cccca03 -r 62c2d678261a sys/netinet6/dest6.c
--- a/sys/netinet6/dest6.c      Tue Jan 23 15:08:11 2018 +0000
+++ b/sys/netinet6/dest6.c      Tue Jan 23 15:13:56 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dest6.c,v 1.20 2017/01/11 13:08:29 ozaki-r Exp $       */
+/*     $NetBSD: dest6.c,v 1.21 2018/01/23 15:13:56 maxv Exp $  */
 /*     $KAME: dest6.c,v 1.25 2001/02/22 01:39:16 itojun Exp $  */
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: dest6.c,v 1.20 2017/01/11 13:08:29 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: dest6.c,v 1.21 2018/01/23 15:13:56 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -56,7 +56,7 @@
 dest6_input(struct mbuf **mp, int *offp, int proto)
 {
        struct mbuf *m = *mp;
-       int off = *offp, dstoptlen, optlen;
+       int off = *offp, erroff, dstoptlen, optlen;
        struct ip6_dest *dstopts;
        u_int8_t *opt;
 
@@ -89,8 +89,8 @@
                        optlen = *(opt + 1) + 2;
                        break;
                default:                /* unknown option */
-                       optlen = ip6_unknown_opt(opt, m,
-                           opt - mtod(m, u_int8_t *));
+                       erroff = *offp + (opt - (u_int8_t *)dstopts);
+                       optlen = ip6_unknown_opt(opt, m, erroff);
                        if (optlen == -1)
                                return (IPPROTO_DONE);
                        optlen += 2;
@@ -99,9 +99,9 @@
        }
 
        *offp = off;
-       return (dstopts->ip6d_nxt);
+       return dstopts->ip6d_nxt;
 
-  bad:
+bad:
        m_freem(m);
-       return (IPPROTO_DONE);
+       return IPPROTO_DONE;
 }