From: Max Laier
Organization: FreeBSD
To: Mike Makonnen
Cc: freebsd-net@freebsd.org
Date: Mon, 16 Apr 2007 22:25:59 +0200
Subject: Re: ping6 extension headers bounds checking

On Monday 16 April 2007 12:16, Mike Makonnen wrote:
> Hello folks,
>
> Please review the attached patch for ping6(8) to fix PR kern/99425
>
> You can attach extra headers to the ping6 packet by specifying, for
> example, extra routing information. This information is sent as
> control data with sendmsg(2) and when you get a reply is received
> as control data from recvmsg(2).
>
> In a nutshell, there are 2 problems:
> 1. The buffer supplied to recvmsg(2) to hold control (ancillary)
>    data is, in some cases, too small to hold all the extra headers.
> 2. In verbose mode, when printing out the control data, it doesn't
>    check to make sure that the stated length of the headers is
>    within the bounds of the buffer.
>
> To address this I increased the buffer supplied to recvmsg(2) to the
> minimum required by rfc 3542 (10420 bytes) and I modified the
> functions that print the extra header information to print a
> warning if the buffer is too small and to print only as much
> information as contained in the buffer.

I think it'd be better to supply the print functions with the rest of the
bufferlen instead of an offset. This way only the caller has to know the
size of the buffer - btw, do we get a result back i.e. how much buffer
was used. In addition you could check if the offset in the for-loop of
the caller is within bounds, before even attempting to call further.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
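
Added example, not part of the original message and not ping6's code: a sketch of the interface suggested in the reply above, where the print helper is handed the remaining buffer length and the caller checks its offset before each call. The names pr_exthdr, walk_exthdrs and sample are hypothetical, and the buffer is modelled as back-to-back extension headers rather than recvmsg(2) control messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one 8-byte header, then one claiming 24 bytes. */
static const uint8_t sample[16] = { 60, 0, 1, 4, 0, 0, 0, 0, 59, 2 };

/*
 * Hypothetical print helper: gets the remaining length, not an offset,
 * so only the caller knows the buffer size. Returns bytes consumed, or
 * 0 when the stated header length does not fit in what remains.
 */
static size_t
pr_exthdr(const uint8_t *hdr, size_t remaining)
{
	size_t stated;

	if (remaining < 2) {	/* cannot even read the length octet */
		printf("  warning: %zu byte(s) left, header truncated\n", remaining);
		return 0;
	}
	stated = ((size_t)hdr[1] + 1) * 8;	/* Hdr Ext Len is in 8-octet units */
	if (stated > remaining) {
		printf("  warning: header claims %zu bytes, %zu in buffer\n", stated, remaining);
		return 0;
	}
	printf("  next header %u, %zu bytes\n", (unsigned)hdr[0], stated);
	return stated;
}

/* Caller: the only place that knows buflen. Returns headers printed. */
static int
walk_exthdrs(const uint8_t *buf, size_t buflen)
{
	size_t off = 0, used;
	int n = 0;

	while (off < buflen) {	/* offset checked before every call */
		used = pr_exthdr(buf + off, buflen - off);
		if (used == 0)
			break;
		off += used;
		n++;
	}
	return n;
}

int main(void)
{
	printf("%d complete header(s)\n", walk_exthdrs(sample, sizeof(sample)));
	return 0;
}
```

The helper's return value is the "how much buffer was used" result the reply asks about; the caller advances by it and stops at the first header that does not fit.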