jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-12-03 19:08:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add length check to sbcreatecontrol().

Browse Source 
Now this check is necessary because IPv6 source routing might use
  control data bigger than MLEN. (e.g. 16bytes IPv6 addr x 23 hops)
  Actually mbuf cluster should be used in uipc_socket.c:sbcreatecontrol()
  and uipc_syscalls.c:sockargs() when data size is bigger then MLEN,
  and such patches were already in KAME environment and have been
  confirmed to work well. I just forgot to merge them into 4.0, sorry.

  For safety, I'll postpone such patches until after 4.0 release.
  The effect of postponement is followings.
    -Ping6 source routing hops are limitted to around 6 or so.
    -If some apps do setsockopt IPV6_RTHDR and try to receive
     incoming IPv6 source routing info, it can't receive more
     than 6 hops source routing info.
     (But currently, no apps seems to be doing it.)

Approved by: jkh
This commit is contained in:
Yoshinobu Inoue 2000-02-24 19:21:26 +00:00
parent b87f0bc988
commit 0b97e97cd2
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=57441
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/kern/uipc_sockbuf.c
View File

@ -839,6 +839,8 @@ sbcreatecontrol(p, size, type, level)
register struct cmsghdr *cp;
struct mbuf *m;
if ((u_int)size > MLEN)
return ((struct mbuf *) NULL);
if ((m = m_get(M_DONTWAIT, MT_CONTROL)) == NULL)
return ((struct mbuf *) NULL);
cp = mtod(m, struct cmsghdr *);

2
sys/kern/uipc_socket2.c
View File

@ -839,6 +839,8 @@ sbcreatecontrol(p, size, type, level)
register struct cmsghdr *cp;
struct mbuf *m;
if ((u_int)size > MLEN)
return ((struct mbuf *) NULL);
if ((m = m_get(M_DONTWAIT, MT_CONTROL)) == NULL)
return ((struct mbuf *) NULL);
cp = mtod(m, struct cmsghdr *);