Date: Thu, 16 May 2019 11:14:08 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r347686 - stable/11/sys/netinet6 Message-ID: <201905161114.x4GBE8Fj003822@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Thu May 16 11:14:08 2019 New Revision: 347686 URL: https://svnweb.freebsd.org/changeset/base/347686 Log: MFC r346400: Improve input validation for the socket option IPV6_CHECKSUM. When using the IPPROTO_IPV6 level socket option IPV6_CHECKSUM on a raw IPv6 socket, ensure that the value is either -1 or a non-negative even number. Modified: stable/11/sys/netinet6/ip6_output.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netinet6/ip6_output.c ============================================================================== --- stable/11/sys/netinet6/ip6_output.c Thu May 16 11:09:53 2019 (r347685) +++ stable/11/sys/netinet6/ip6_output.c Thu May 16 11:14:08 2019 (r347686) @@ -2168,8 +2168,11 @@ ip6_raw_ctloutput(struct socket *so, struct sockopt *s sizeof(optval)); if (error) break; - if ((optval % 2) != 0) { - /* the API assumes even offset values */ + if (optval < -1 || (optval % 2) != 0) { + /* + * The API assumes non-negative even offset + * values or -1 as a special value. + */ error = EINVAL; } else if (so->so_proto->pr_protocol == IPPROTO_ICMPV6) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905161114.x4GBE8Fj003822>