ping6 extension headers bounds checking
Mike Makonnen
mtm at FreeBSD.Org
Tue Apr 17 06:33:08 UTC 2007
On Mon, Apr 16, 2007 at 10:25:59PM +0200, Max Laier wrote:
>
> I think it'd be better to supply the print functions with the rest of the
> bufferlen instead of an offset. This way only the caller has to know the
> size of the buffer -
Ok, Done. See attached patch.
> btw, do we get a result back i.e. how much buffer
> was used. In addition you could check if the offset in the for-loop of
> the caller is within bounds, before even attempting to call further.
On the first part: no and yes :). The cmsg structure tells you the length,
including the cmsg header, which is fine if the buffer is big enough. If
the buffer is too small, the stated length in the cmsg structure stays
the same but MSG_CTRUNC is appended to msg_flags to tell you that some
data was discarded at the end because it didn't fit in the buffer.
On the second part: Done. See attached patch.
Cheers.
--
Mike Makonnen | GPG-KEY: http://people.freebsd.org/~mtm/mtm.asc
mmakonnen @ gmail.com | AC7B 5672 2D11 F4D0 EBF8 5279 5359 2B82 7CD4 1F55
mtm @ FreeBSD.Org | FreeBSD - http://www.freebsd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ping6.diff
Type: text/x-diff
Size: 6211 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20070417/b6c4cfd2/ping6.bin
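The approach discussed in this message, as an added illustration that is not taken from the attached ping6.diff: the option walker is handed only the number of bytes remaining in the buffer and rejects any length field, in the header or in an option, that would read past it. The name walk_ext_opts and the sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_PAD1 0	/* Pad1 option: a single byte with no length field */

/* Constructed sample headers: next-header 58, length field 0 (8 bytes). */
static const uint8_t sample_ok[8]      = { 58, 0, 1, 4, 0, 0, 0, 0 };
static const uint8_t sample_pads[8]    = { 58, 0, 0, 0, 1, 2, 0, 0 };
static const uint8_t sample_bad_opt[8] = { 58, 0, 1, 16, 0, 0, 0, 0 };

/*
 * Walk the TLV options of a hop-by-hop or destination options header.
 * `avail` is the number of bytes actually present starting at `hdr`.
 * Returns the number of options seen, or -1 if a read would pass `avail`.
 */
int
walk_ext_opts(const uint8_t *hdr, size_t avail)
{
	size_t hdrlen, off, optlen;
	int count = 0;

	if (avail < 2)			/* next-header and length bytes */
		return -1;
	hdrlen = ((size_t)hdr[1] + 1) * 8;	/* length the header claims */
	if (hdrlen > avail)		/* claim exceeds what was received */
		return -1;
	for (off = 2; off < hdrlen; count++) {
		if (hdr[off] == OPT_PAD1) {
			off++;
			continue;
		}
		if (hdrlen - off < 2)	/* no room for the option length byte */
			return -1;
		optlen = (size_t)hdr[off + 1] + 2;
		if (optlen > hdrlen - off)	/* option overruns the header */
			return -1;
		off += optlen;
	}
	return count;
}

int main(void)
{
	printf("ok=%d pads=%d bad=%d truncated=%d\n", walk_ext_opts(sample_ok, 8),
	    walk_ext_opts(sample_pads, 8), walk_ext_opts(sample_bad_opt, 8),
	    walk_ext_opts(sample_ok, 6));
	return 0;
}
```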