Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet correct more out-of-bounds memory access, if cnt...
details: https://anonhg.NetBSD.org/src/rev/d93cd9cfb917
branches: trunk
changeset: 485969:d93cd9cfb917
user: itojun <itojun%NetBSD.org@localhost>
date: Wed May 10 01:19:44 2000 +0000
description:
correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.
diffstat:
sys/netinet/ip_input.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diffs (20 lines):
diff -r 64faa3f7da5d -r d93cd9cfb917 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Wed May 10 00:24:14 2000 +0000
+++ b/sys/netinet/ip_input.c Wed May 10 01:19:44 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.112 2000/05/06 16:35:14 sommerfeld Exp $ */
+/* $NetBSD: ip_input.c,v 1.113 2000/05/10 01:19:44 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -967,6 +967,10 @@
if (opt == IPOPT_NOP)
optlen = 1;
else {
+ if (cnt < IPOPT_OLEN + sizeof(*cp)) {
+ code = &cp[IPOPT_OLEN] - (u_char *)ip;
+ goto bad;
+ }
optlen = cp[IPOPT_OLEN];
if (optlen <= 0 || optlen > cnt) {
code = &cp[IPOPT_OLEN] - (u_char *)ip;
Home |
Main Index |
Thread Index |
Old Index