Module Name: src
Committed By: martin
Date: Tue Aug 14 14:34:42 UTC 2018
Modified Files:
src/sys/netinet6 [netbsd-7]: frag6.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1630):
sys/netinet6/frag6.c: revision 1.64
Kick zero-sized fragments. We can't allow them to enter; two fragments
could be put at the same offset.
To generate a diff of this commit:
cvs rdiff -u -r1.55.4.2 -r1.55.4.3 src/sys/netinet6/frag6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/frag6.c
diff -u src/sys/netinet6/frag6.c:1.55.4.2 src/sys/netinet6/frag6.c:1.55.4.3
--- src/sys/netinet6/frag6.c:1.55.4.2 Thu Apr 5 11:48:13 2018
+++ src/sys/netinet6/frag6.c Tue Aug 14 14:34:42 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: frag6.c,v 1.55.4.2 2018/04/05 11:48:13 martin Exp $ */
+/* $NetBSD: frag6.c,v 1.55.4.3 2018/08/14 14:34:42 martin Exp $ */
/* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.2 2018/04/05 11:48:13 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.55.4.3 2018/08/14 14:34:42 martin Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -152,13 +152,14 @@ frag6_input(struct mbuf **mp, int *offp,
}
/*
- * check whether fragment packet's fragment length is
+ * Check whether fragment packet's fragment length is non-zero and
* multiple of 8 octets.
* sizeof(struct ip6_frag) == 8
* sizeof(struct ip6_hdr) = 40
*/
if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) &&
- (((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
+ (((ntohs(ip6->ip6_plen) - offset) == 0) ||
+ ((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
offsetof(struct ip6_hdr, ip6_plen));
in6_ifstat_inc(dstifp, ifs6_reass_fail);
