freebsd-src

mirror of https://github.com/freebsd/freebsd-src.git synced 2024-12-03 14:48:57 +00:00

History

Kristof Provost 1dfb02822e MFC r317186 pf: Fix possible incorrect IPv6 fragmentation When forwarding pf tracks the size of the largest fragment in a fragmented packet, and refragments based on this size. It failed to ensure that this size was a multiple of 8 (as is required for all but the last fragment), so it could end up generating incorrect fragments. For example, if we received an 8 byte and 12 byte fragment pf would emit a first fragment with 12 bytes of payload and the final fragment would claim to be at offset 8 (not 12). We now assert that the fragment size is a multiple of 8 in ip6_fragment(), so other users won't make the same mistake. Reported by: Antonios Atlasis <aatlasis at secfu net>	2017-04-23 08:59:57 +00:00
..
ipfw	MFC r315516	2017-03-31 06:33:20 +00:00
pf	MFC r317186	2017-04-23 08:59:57 +00:00

Kristof Provost 1dfb02822e MFC r317186

pf: Fix possible incorrect IPv6 fragmentation

When forwarding pf tracks the size of the largest fragment in a fragmented
packet, and refragments based on this size.
It failed to ensure that this size was a multiple of 8 (as is required for all
but the last fragment), so it could end up generating incorrect fragments.

For example, if we received an 8 byte and 12 byte fragment pf would emit a first
fragment with 12 bytes of payload and the final fragment would claim to be at
offset 8 (not 12).

We now assert that the fragment size is a multiple of 8 in ip6_fragment(), so
other users won't make the same mistake.

Reported by:    Antonios Atlasis <aatlasis at secfu net>

2017-04-23 08:59:57 +00:00

ipfw

MFC r315516

2017-03-31 06:33:20 +00:00

MFC r317186

2017-04-23 08:59:57 +00:00