freebsd-nq/usr.sbin/rtsold
Mark Johnston 1af332a7d8 rtsold: Fix validation of RDNSS options
The header specifies the size of the option in multiples of eight bytes.
The option consists of an eight-byte header followed by one or more IPv6
addresses, so the option is invalid if the size is not equal to 1+2n for
some n>0.  Check this.

The bug can cause random stack data to be formatted as an IPv6 address
and passed to resolvconf(8), but a host able to trigger the bug may also
specify arbitrary addresses this way.

Reported by:	Q C <cq674350529@gmail.com>
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2021-03-21 14:19:42 -04:00
..
cap_llflags.c rtsold: Fix bugs reported by Coverity 2020-12-02 16:46:45 +00:00
cap_script.c
cap_sendmsg.c
dump.c rtsold: Fix bugs reported by Coverity 2020-12-02 16:46:45 +00:00
if.c rtsold: Fix bugs reported by Coverity 2020-12-02 16:46:45 +00:00
Makefile
Makefile.depend
Makefile.depend.options
rtsock.c rtsold: Fix bugs reported by Coverity 2020-12-02 16:46:45 +00:00
rtsol.c rtsold: Fix validation of RDNSS options 2021-03-21 14:19:42 -04:00
rtsold.8
rtsold.c Simplify using nvlist_append_string_array(). 2021-03-08 12:03:32 +09:00
rtsold.h