upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-10 09:11:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

correct more out-of-bounds memory access, if cnt == 1 and optlen > 1.

Browse source 
similar to recent fix to sys/netinet/ipf.c (by darren).
This commit is contained in:
Jun-ichiro itojun Hagino 2000-05-10 01:25:33 +00:00
parent fc81cf82e9
commit fdcb8debf6
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/netinet/ip_input.c
View file

@ -1078,6 +1078,10 @@ ip_dooptions(m)
if (opt == IPOPT_NOP)
optlen = 1;
else {
if (cnt < IPOPT_OLEN + sizeof(*cp)) {
code = &cp[IPOPT_OLEN] - (u_char *)ip;
goto bad;
}
optlen = cp[IPOPT_OLEN];
if (optlen <= 0 || optlen > cnt) {
code = &cp[IPOPT_OLEN] - (u_char *)ip;