Hi all,

The following bug was recently fixed in DragonFlyBSD and FreeBSD:

libc/net: Fix issue in inet6_opt_init() (from RFC 3542):

* The RFC says (in section 10.1) that only when extbuf is not NULL,
extlen shall be checked, so don't perform this check when NULL
is passed.

Obtained by: DragonFlyBSD

Index: ip6opt.c
===================================================================
RCS file: /cvs/src/lib/libc/net/ip6opt.c,v
retrieving revision 1.4
diff -u -r1.4 ip6opt.c
--- ip6opt.c    9 Dec 2006 01:12:28 -0000       1.4
+++ ip6opt.c    5 Feb 2014 01:30:21 -0000
@@ -383,11 +383,8 @@
 {
        struct ip6_ext *ext = (struct ip6_ext *)extbuf;

-       if (extlen < 0 || (extlen % 8))
-               return (-1);
-
        if (ext) {
-               if (extlen == 0)
+               if (extlen <= 0 || (extlen % 8))
                        return (-1);
                ext->ip6e_len = (extlen >> 3) - 1;
        }
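Review bot: The relocated check `if (extlen <= 0 || (extlen % 8))` inside `if (ext)` carries no comment explaining why the NULL case is exempt, so the asymmetry reads like an oversight and could be "fixed" back in a later cleanup. A one-line comment above it citing RFC 3542 section 10.1 (extlen is validated only when extbuf is non-NULL) would prevent that. After this change a call with a NULL extbuf and a negative or non-multiple-of-8 extlen no longer returns -1, so a caller that relied on the sizing call to reject a bad length loses that check; that behaviour change deserves a mention in the commit message or the manual page.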



-- 
Eitan Adler
