authorkris <kris@FreeBSD.org>2001-02-26 03:41:13 +0000
committerkris <kris@FreeBSD.org>2001-02-26 03:41:13 +0000
commitf13b6fe378f977bb101bdefab5288f0ba5ebf18b (patch)
treed316f4cc8646f50e64e2674752d10e9b69041c42 /sys/netinet6/ah_core.c
parenta7a408f67ff21a3e24c002cf0007bde818da83fc (diff)
More IP option length validation.
Includes the following revisions from KAME (two of these were actually committed previously but the CVS revisions weren't documented): 1.40 kame/kame/sys/netinet6/ah_core.c (committed in previous rev) 1.41 kame/kame/sys/netinet6/ah_core.c 1.28 kame/kame/sys/netinet6/ah_output.c (committed in previous rev) 1.29 kame/kame/sys/netinet6/ah_output.c 1.30 kame/kame/sys/netinet6/ah_output.c 1.129 kame/kame/sys/netinet6/nd6.c 1.130 kame/kame/sys/netinet6/nd6.c 1.24 kame/kame/sys/netinet6/dest6.c 1.25 kame/kame/sys/netinet6/dest6.c Obtained from: KAME
Diffstat (limited to 'sys/netinet6/ah_core.c')
-rw-r--r--sys/netinet6/ah_core.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/sys/netinet6/ah_core.c b/sys/netinet6/ah_core.c
index 92481db..477de51 100644
--- a/sys/netinet6/ah_core.c
+++ b/sys/netinet6/ah_core.c
@@ -788,6 +788,8 @@ again:
i = sizeof(struct ip);
while (i < hlen) {
if (i + IPOPT_OPTVAL >= hlen) {
+ ipseclog((LOG_ERR, "ah4_calccksum: "
+ "invalid IP option\n"));
error = EINVAL;
goto fail;
}
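Review bot: The added `ipseclog` call sits in a branch that looks unreachable, because the guard `i + IPOPT_OPTVAL >= hlen` runs directly under `while (i < hlen)` and `IPOPT_OPTVAL` is defined as 0 in `netinet/ip.h`, which makes the guard the negation of the loop condition. If that definition holds for this tree, the message will never appear and should not be relied on as a signal for truncated options. A short comment such as `/* defensive: cannot trigger while IPOPT_OPTVAL is 0 */` would keep a reader from assuming otherwise. The loop body continues past the end of the hunk.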
@@ -796,6 +798,10 @@ again:
i + IPOPT_OLEN < hlen)
;
else {
+ ipseclog((LOG_ERR,
+ "ah4_calccksum: invalid IP option "
+ "(type=%02x)\n",
+ p[i + IPOPT_OPTVAL]));
error = EINVAL;
goto fail;
}
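Review bot: This message is written at `LOG_ERR` for every packet whose option length octet falls outside the header, so its rate is set by whoever sends the traffic; whether `ipseclog` is gated or rate limited is not visible here and is worth confirming. The same applies to the `invalopt` message in the hunk at -813. The line records only the option type, so consider adding the packet's source address if it is in scope at this point, since without it the entry cannot be tied to a sender. The condition that selects this `else` branch starts above the hunk.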
@@ -813,14 +819,19 @@ again:
case 0x94: /* Router alert */
case 0x95: /* RFC1770 */
l = p[i + IPOPT_OLEN];
+ if (l < 2)
+ goto invalopt;
skip = 0;
break;
default:
l = p[i + IPOPT_OLEN];
+ if (l < 2)
+ goto invalopt;
skip = 1;
break;
}
- if (l <= 0 || hlen - i < l) {
+ if (l < 1 || hlen - i < l) {
+ invalopt:
ipseclog((LOG_ERR,
"ah4_calccksum: invalid IP option "
"(type=%02x len=%02x)\n",
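Review bot: `goto invalopt` jumps into the body of the `if (l < 1 || hlen - i < l)` block, so the shared error path works only as long as that block keeps the label as its first statement and nothing is inserted ahead of it. Placing the label on a standalone error block after the normal path, or at least commenting it with `/* also entered via goto from the switch above */`, would make that dependency visible. The two `if (l < 2)` checks would also benefit from a one-line reason, e.g. `/* length octet counts the type and length octets themselves */`. The `ipseclog` call runs past the end of the hunk, so its arguments are not reviewed here.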