Module Name: src
Committed By: maxv
Date: Thu Jan 25 20:55:15 UTC 2018
Modified Files:
src/sys/netinet6: frag6.c
Log Message:
Kick zero-sized fragments. We can't allow them to enter; two fragments
could be put at the same offset.
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/netinet6/frag6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet6/frag6.c
diff -u src/sys/netinet6/frag6.c:1.63 src/sys/netinet6/frag6.c:1.64
--- src/sys/netinet6/frag6.c:1.63 Thu Jan 25 15:55:57 2018
+++ src/sys/netinet6/frag6.c Thu Jan 25 20:55:15 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: frag6.c,v 1.63 2018/01/25 15:55:57 maxv Exp $ */
+/* $NetBSD: frag6.c,v 1.64 2018/01/25 20:55:15 maxv Exp $ */
/* $KAME: frag6.c,v 1.40 2002/05/27 21:40:31 itojun Exp $ */
/*
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.63 2018/01/25 15:55:57 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: frag6.c,v 1.64 2018/01/25 20:55:15 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_net_mpsafe.h"
@@ -189,13 +189,14 @@ frag6_input(struct mbuf **mp, int *offp,
}
/*
- * check whether fragment packet's fragment length is
+ * Check whether fragment packet's fragment length is non-zero and
* multiple of 8 octets.
* sizeof(struct ip6_frag) == 8
* sizeof(struct ip6_hdr) = 40
*/
if ((ip6f->ip6f_offlg & IP6F_MORE_FRAG) &&
- (((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
+ (((ntohs(ip6->ip6_plen) - offset) == 0) ||
+ ((ntohs(ip6->ip6_plen) - offset) & 0x7) != 0)) {
icmp6_error(m, ICMP6_PARAM_PROB, ICMP6_PARAMPROB_HEADER,
offsetof(struct ip6_hdr, ip6_plen));
in6_ifstat_inc(dstifp, ifs6_reass_fail);
