Hi,
Fun OpenBSD bug. ip_dooptions() will allow IPOPT_SSRR with optlen = 2. save_rte() will set isr_nhops to a very large value, which will cause an overflow in the next ip_srcroute() call.
More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/

-erg

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
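
A strict length check for source-route options that rejects the optlen = 2 case described in the post before any hop count is derived from it. This is an added example, not code from the post, the linked repository, or OpenBSD; the function name `check_ip_options` and the constant names are assumptions, and the option layout follows RFC 791.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Option numbers and layout from RFC 791. */
enum { OPT_EOL = 0, OPT_NOP = 1, OPT_LSRR = 131, OPT_SSRR = 137 };
#define SR_MINLEN 3   /* type + length + pointer octets */
#define SR_MINPTR 4   /* smallest legal pointer value */

/* Walk the IPv4 options area. Returns the number of route addresses in the
 * last source-route option (0 if none), or -1 if any option is malformed. */
int check_ip_options(const uint8_t *opts, size_t len)
{
    int hops = 0;
    size_t i = 0;
    while (i < len) {
        uint8_t type = opts[i];
        if (type == OPT_EOL)
            break;
        if (type == OPT_NOP) {
            i++;
            continue;
        }
        if (len - i < 2)
            return -1;                  /* no room for the length octet */
        size_t optlen = opts[i + 1];
        if (optlen < 2 || optlen > len - i)
            return -1;                  /* option runs past the header */
        if (type == OPT_LSRR || type == OPT_SSRR) {
            if (optlen < SR_MINLEN)     /* the optlen = 2 case from the post */
                return -1;
            if (opts[i + 2] < SR_MINPTR)
                return -1;
            size_t data = optlen - SR_MINLEN;  /* cannot wrap: optlen >= 3 */
            if (data % 4 != 0)
                return -1;              /* route data is whole IPv4 addresses */
            hops = (int)(data / 4);     /* bounded by (255 - 3) / 4 = 63 */
        }
        i += optlen;
    }
    return hops;
}

int main(void)
{
    const uint8_t bad[] = { OPT_SSRR, 2 };   /* constructed sample input */
    printf("SSRR optlen=2 -> %d\n", check_ip_options(bad, sizeof bad));
    return 0;
}
```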