Hi,
Fun OpenBSD bug.
ip_dooptions() will allow IPOPT_SSRR with optlen = 2.
save_rte() will set isr_nhops to very large value, which will cause
overflow in next ip_srcroute() call.
More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/
-erg
Hi,
Trivial overflow in hfslib_reada_node_offset, while loop has no range
checks.
|size_t hfslib_reada_node_offsets(void* in_bytes, uint16_t*
out_offset_array) { void* ptr; if (in_bytes == NULL || out_offset_array
== NULL) return 0; ptr = in_bytes; out_offset_array--; do {
