CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]        2026/07/03 07:30:57

Modified files:
        sbin/iked      : vroute.c 

Log message:
iked: vroute: Validate routing socket replies

When parsing malformed RTM replies from the kernel vroute_process()
might walk beyond the response buffer.  Therefore check msglen and
rtm_msglen cover the header, and bound every sa_len against the
remaining message and sizeof(struct sockaddr_storage) before copying.

>From Andrew Griffiths, thanks!

Reply via email to