svn commit: r346400 - head/sys/netinet6
Michael Tuexen
tuexen at FreeBSD.org
Tue Sep 3 14:08:02 UTC 2019
Author: tuexen
Date: Fri Apr 19 17:17:41 2019
New Revision: 346400
URL: https://svnweb.freebsd.org/changeset/base/346400
Log:
Improve input validation for the socket option IPV6_CHECKSUM.
When using the IPPROTO_IPV6 level socket option IPV6_CHECKSUM on a raw
IPv6 socket, ensure that the value is either -1 or a non-negative even
number.
Reviewed by: bz@, thj@
MFC after: 1 week
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D19966
Modified:
head/sys/netinet6/ip6_output.c
Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c Fri Apr 19 17:15:58 2019 (r346399)
+++ head/sys/netinet6/ip6_output.c Fri Apr 19 17:17:41 2019 (r346400)
@@ -2221,8 +2221,11 @@ ip6_raw_ctloutput(struct socket *so, struct sockopt *s
sizeof(optval));
if (error)
break;
- if ((optval % 2) != 0) {
- /* the API assumes even offset values */
+ if (optval < -1 || (optval % 2) != 0) {
+ /*
+ * The API assumes non-negative even offset
+ * values or -1 as a special value.
+ */
error = EINVAL;
} else if (so->so_proto->pr_protocol ==
IPPROTO_ICMPV6) {
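Review bot: the new condition `optval < -1 || (optval % 2) != 0` still returns EINVAL for -1, which contradicts the comment added directly below it and the commit log. In C, `-1 % 2` evaluates to -1 (division truncates toward zero), so the second operand is true for the special value and the `else if` branch is never reached with optval == -1. The parity test should apply only to non-negative values, for example `optval < -1 || (optval > 0 && (optval % 2) != 0)`. A regression test that sets IPV6_CHECKSUM to -1, 0, an odd offset and a value below -1 on a raw IPv6 socket would pin down the intended behaviour.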