Module Name: src
Committed By: riastradh
Date: Fri Apr 19 00:55:35 UTC 2024
Modified Files:
src/sys/netinet6: ip6_output.c
Log Message:
ip6_output: Initialize plen for ip6_hopopts_input.
This funny little block in ip6_process_hopopts assumes plen is
initialized, and behaves differently depending on whether it's zero
or not:
https://nxr.netbsd.org/xref/src/sys/netinet6/ip6_input.c?r=1.227#976
In the other call site, it is initialized to ip6->ip6_plen:
https://nxr.netbsd.org/xref/src/sys/netinet6/ip6_input.c?r=1.227#561
Reported-by: [email protected]
https://syzkaller.appspot.com/bug?extid=587e3b707bdfe533283f
To generate a diff of this commit:
cvs rdiff -u -r1.234 -r1.235 src/sys/netinet6/ip6_output.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.234 src/sys/netinet6/ip6_output.c:1.235
--- src/sys/netinet6/ip6_output.c:1.234 Thu Aug 3 05:45:36 2023
+++ src/sys/netinet6/ip6_output.c Fri Apr 19 00:55:35 2024
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_output.c,v 1.234 2023/08/03 05:45:36 ozaki-r Exp $ */
+/* $NetBSD: ip6_output.c,v 1.235 2024/04/19 00:55:35 riastradh Exp $ */
/* $KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.234 2023/08/03 05:45:36 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.235 2024/04/19 00:55:35 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -754,7 +754,7 @@ ip6_output(
* XXX Is this really necessary?
*/
if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
- u_int32_t dummy1; /* XXX unused */
+ u_int32_t dummy1 = 0; /* XXX unused */
u_int32_t dummy2; /* XXX unused */
int hoff = sizeof(struct ip6_hdr);
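Review bot: The changed `dummy1` line keeps its `/* XXX unused */` comment, but per the commit log the callee reads this value (it is the plen that ip6_process_hopopts tests against zero), so the comment now hides why the initializer matters; something like `u_int32_t dummy1 = 0; /* plen: read by ip6_hopopts_input, must start at 0 */` would keep a later cleanup from dropping it. `dummy2` on the next line is still uninitialized and presumably goes to the same call; the callee is not visible in this hunk, so whether it is only ever written through that pointer is an assumption worth confirming, and initializing it the way the ip6_input call site does would remove the question. The log also says the input path seeds plen from `ip6->ip6_plen` while this path uses 0, and a short comment on why the two call sites differ would help the next reader. The enclosing ip6_output body starts and ends outside the hunk.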