d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- always check for optlen overrun.

Browse Source 
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
This commit is contained in:
Hajimu UMEMOTO 2003-10-12 11:18:04 +00:00
parent 61dbcc0d05
commit 83ca448c94
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/netinet6/ah_core.c
View File

@ -220,7 +220,7 @@ ah_sumsiz_1216(sav)
struct secasvar *sav;
{
if (!sav)
return -1;
panic("ah_sumsiz_1216: null pointer is passed");
if (sav->flags & SADB_X_EXT_OLD)
return 16;
else
@ -232,7 +232,7 @@ ah_sumsiz_zero(sav)
struct secasvar *sav;
{
if (!sav)
return -1;
panic("ah_sumsiz_zero: null pointer is passed");
return 0;
}
@ -1571,11 +1571,18 @@ ah6_calccksum(m, ahdat, len, algo, sav)
goto fail;
}
optlen = optp[1] + 2;
if (optp[0] & IP6OPT_MUTABLE)
bzero(optp + 2, optlen - 2);
}
if (optp + optlen > optend) {
error = EINVAL;
m_free(n);
n = NULL;
goto fail;
}
if (optp[0] & IP6OPT_MUTABLE)
bzero(optp + 2, optlen - 2);
optp += optlen;
}