[Bug 240135] Correctness issue in IPv6 extension headers input processing routines
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 26 21:35:01 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240135
Bug ID: 240135
Summary: Correctness issue in IPv6 extension headers input
processing routines
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: prabhakar.lakhera at gmail.com
There seems to be a correctness issue in pr_inputs defined for various
extension header processing routines for IPv6.
The routines call IP6_EXTHDR_* macros which may end up releasing the mbuf
passed to the routine.
Even though the functions are passed pointer to the pointer to mbuf, the
pointer is not updated before returning from the routine even for the cases
that may not return IPPROTO_DONE.
Change would be to simply update the mbuf pointer along with updating the
offset.
Please refer to implementation of route6_input/dest6_input
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list