Date: Mon, 7 Apr 2014 14:30:17 GMT
From: Balaaji SP <sp.balaaji@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/188351: Application Crash on boundary value operation
Message-ID: <201404071430.s37EUHUE054903@cgiserv.freebsd.org>
Resent-Message-ID: <201404071440.s37Ee0Qt038862@freefall.freebsd.org>

>Number: 188351
>Category: misc
>Synopsis: Application Crash on boundary value operation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 07 14:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Balaaji SP
>Release: 8.1
>Organization:
>Environment:
amd64
>Description:
Ping6 application crashes when executed with maximum packet data size option. Maximum allowed data bytes length should be 130768 and not 131024. EXTRA bytes are not accounted for while calculating packet length. This happens because memory gets over-written by 256 bytes beyond the outpack buffer into the memory arena.
>How-To-Repeat:
Execute Ping6 with -s option with a value of 131024. Verify if the application has crashed.
>Fix:
Account EXTRA bytes in packet length.
freebsd/sbin/ping6/ping6.c - #define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN +#define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN - EXTRA
>Release-Note:
>Audit-Trail:
>Unformatted:
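
Review bot: the replacement `#define MAXDATALEN` line leaves the expansion unparenthesized, so any use of MAXDATALEN inside a larger expression (subtracting it from a length, multiplying it, negating it) would bind to the wrong operands. Wrap it as `#define MAXDATALEN (MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN - EXTRA)`. A one-line comment beside the define stating why EXTRA is subtracted would keep the limit and the buffer size from drifting apart again; the report's own figures (131024 - 130768 = 256) match the 256-byte overwrite it describes.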