Date: Thu, 09 Apr 2015 00:24:59 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 199304] minor bug in /usr/src/sys/netinet6/nd6_nbr.c Message-ID: <bug-199304-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199304 Bug ID: 199304 Summary: minor bug in /usr/src/sys/netinet6/nd6_nbr.c Product: Base System Version: 10.1-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: fbsd.bugzilla@fenyo.net In /usr/src/sys/netinet6/nd6_nbr.c, there are 2 times the following code: if (max_linkhdr + maxlen >= MCLBYTES) { #ifdef DIAGNOSTIC printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES " "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES); #endif return; } There is two times the same little mistake in this code: the ">=" should changed to ">". It is correctly written in the last part of the diag: "(%d + %d > %d)\n" But it is incorrect in the test (">= MCLBYTES" instead of "> MCLBYTES") and in the first part of the diag: "max_linkhdr + maxlen >= MCLBYTES" instead of "max_linkhdr + maxlen > MCLBYTES". This is a bug because if the packet need exactly MCLBYTES, it is possible to process it, but the code would not process the packet. Anyway, this case should never happen because the Neigbor Advertisement and Neighbor Solicitation packets are always small enough to be contained in a single MBUF cluster. But the code is wrong, it would be nicer if corrected. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-199304-8>