svn commit: r347686 - stable/11/sys/netinet6
Michael Tuexen
tuexen at FreeBSD.org
Thu May 16 11:14:09 UTC 2019
Author: tuexen
Date: Thu May 16 11:14:08 2019
New Revision: 347686
URL: https://svnweb.freebsd.org/changeset/base/347686
Log:
MFC r346400:
Improve input validation for the socket option IPV6_CHECKSUM.
When using the IPPROTO_IPV6 level socket option IPV6_CHECKSUM on a raw
IPv6 socket, ensure that the value is either -1 or a non-negative even
number.
Modified:
stable/11/sys/netinet6/ip6_output.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netinet6/ip6_output.c
==============================================================================
--- stable/11/sys/netinet6/ip6_output.c Thu May 16 11:09:53 2019 (r347685)
+++ stable/11/sys/netinet6/ip6_output.c Thu May 16 11:14:08 2019 (r347686)
@@ -2168,8 +2168,11 @@ ip6_raw_ctloutput(struct socket *so, struct sockopt *s
sizeof(optval));
if (error)
break;
- if ((optval % 2) != 0) {
- /* the API assumes even offset values */
+ if (optval < -1 || (optval % 2) != 0) {
+ /*
+ * The API assumes non-negative even offset
+ * values or -1 as a special value.
+ */
error = EINVAL;
} else if (so->so_proto->pr_protocol ==
IPPROTO_ICMPV6) {
More information about the svn-src-stable-11
mailing list