Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 03 Sep 2019 14:07:30 -0000
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r346400 - head/sys/netinet6
Message-ID:  <201904191717.x3JHHg24025421@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: tuexen
Date: Fri Apr 19 17:17:41 2019
New Revision: 346400
URL: https://svnweb.freebsd.org/changeset/base/346400

Log:
  Improve input validation for the socket option IPV6_CHECKSUM.
  
  When using the IPPROTO_IPV6 level socket option IPV6_CHECKSUM on a raw
  IPv6 socket, ensure that the value is either -1 or a non-negative even
  number.
  
  Reviewed by:		bz@, thj@
  MFC after:		1 week
  Sponsored by:		Netflix, Inc.
  Differential Revision:	https://reviews.freebsd.org/D19966

Modified:
  head/sys/netinet6/ip6_output.c

Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c	Fri Apr 19 17:15:58 2019	(r346399)
+++ head/sys/netinet6/ip6_output.c	Fri Apr 19 17:17:41 2019	(r346400)
@@ -2221,8 +2221,11 @@ ip6_raw_ctloutput(struct socket *so, struct sockopt *s
 					    sizeof(optval));
 			if (error)
 				break;
-			if ((optval % 2) != 0) {
-				/* the API assumes even offset values */
+			if (optval < -1 || (optval % 2) != 0) {
+				/*
+				 * The API assumes non-negative even offset
+				 * values or -1 as a special value.
+				 */
 				error = EINVAL;
 			} else if (so->so_proto->pr_protocol ==
 			    IPPROTO_ICMPV6) {





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904191717.x3JHHg24025421>