Date: Wed, 1 Oct 2014 18:58:58 +0200 From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de> To: FreeBSD Net <freebsd-net@freebsd.org> Subject: UDP/IPv6 handling Message-ID: <B30E0A41-51B0-442C-9476-0D9E99C0D37C@lurchi.franken.de>
next in thread | raw e-mail | index | archive | help
Dear all,
in udp6_input() we have the following code:
if (nxt =3D=3D IPPROTO_UDP && plen !=3D ulen) {
UDPSTAT_INC(udps_badlen);
goto badunlocked;
}=20
/*
* Checksum extended UDP header and data.
*/
if (uh->uh_sum =3D=3D 0) {
if (ulen > plen || ulen < sizeof(struct udphdr)) {
UDPSTAT_INC(udps_nosum);
goto badunlocked;
}
}
I'm trying to understand the UDP code path...
So (ulen > plen) can't be true. I'm wondering why do we only check the =
ulen is not too
short only in the case when the UDP checksum is zero. A zero checksum =
should also never happen.
I think we should check for ulen < sizeof(struct udphdr) in any case.
Opinions?
Best regards
Michael=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B30E0A41-51B0-442C-9476-0D9E99C0D37C>