CVSROOT: /cvs Module name: src Changes by: [email protected] 2026/07/03 07:30:57
Modified files:
sbin/iked : vroute.c
Log message:
iked: vroute: Validate routing socket replies
When parsing malformed RTM replies from the kernel vroute_process()
might walk beyond the response buffer. Therefore check msglen and
rtm_msglen cover the header, and bound every sa_len against the
remaining message and sizeof(struct sockaddr_storage) before copying.
>From Andrew Griffiths, thanks!
