tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

ip6opt.c



The following bug was recently fixed in DragonFlyBSD and FreeBSD.  A
similar patch is awaiting approval for OpenBSD.

libc/net: Fix issue in inet6_opt_init() (from RFC 3542):

* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL
is passed.

* While here make the code more similar to the other BSDs.

Obtained by: DragonFlyBSD

Index: ip6opt.c
===================================================================
RCS file: /cvsroot/src/lib/libc/net/ip6opt.c,v
retrieving revision 1.14
diff -u -r1.14 ip6opt.c
--- ip6opt.c    20 Mar 2012 17:44:18 -0000      1.14
+++ ip6opt.c    7 Feb 2014 01:09:44 -0000
@@ -442,11 +442,8 @@
 {
        struct ip6_ext *ext = (struct ip6_ext *)extbuf;

-       if (extlen % 8)
-               return (-1);
-
        if (ext) {
-               if (extlen == 0)
+               if (extlen <= 0 || (extlen % 8))
                        return (-1);
                ext->ip6e_len = (extlen >> 3) - 1;
        }




-- 
Eitan Adler


Home | Main Index | Thread Index | Old Index