Date: Mon, 7 Apr 2014 14:30:17 GMT
From: Balaaji SP
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/188351: Application Crash on boundary value operation

>Number: 188351
>Category: misc
>Synopsis: Application Crash on boundary value operation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 07 14:40:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Balaaji SP
>Release: 8.1
>Organization:
>Environment:
amd64
>Description:
The Ping6 application crashes when executed with the maximum packet data size option. The maximum allowed data bytes length should be 130768 and not 131024. EXTRA bytes are not accounted for while calculating the packet length. This happens because memory gets overwritten by 256 bytes beyond the outpack buffer into the memory arena.
>How-To-Repeat:
Execute Ping6 with the -s option with a value of 131024. Verify whether the application has crashed.
>Fix:
Account for EXTRA bytes in the packet length.

freebsd/sbin/ping6/ping6.c
- #define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN
+#define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN - EXTRA
>Release-Note:
>Audit-Trail:
>Unformatted:
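
Review bot: The replacement MAXDATALEN on the + line is still an unparenthesized expression, so a use such as n - MAXDATALEN or 2 * MAXDATALEN would expand with the wrong precedence; wrap the body in parentheses, i.e. #define MAXDATALEN (MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN - EXTRA). The change shows only the limit, not the declaration of outpack or the place where the -s value is compared against MAXDATALEN, so the 256-byte overrun described in the report (131024 - 130768) cannot be confirmed from these lines alone; include that context in the patch, or confirm that every write into outpack is bounded by this macro. A short comment beside the define stating that EXTRA is reserved inside the outpack buffer would keep the limit and the buffer size from drifting apart again.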