acassis commented on PR #18843: URL: https://github.com/apache/nuttx/pull/18843#issuecomment-4372202688
> * Do we need check in other ND messages? > @ankohuu yes, others ND msg also should be checked according with RFC 4861, so ICMPv6_NEIGHBOR_SOLICIT and ICMPv6_NEIGHBOR_ADVERTISE also should be checked (I will send a new PR to fix). But differently from ICMPV6_ROUTER_ADVERTISE they check only a single option (so no loop). That loop was causing an issue that could stall the devices. > * Do we need to verify that the generic option header is fully present before checking `opt->optlen == 0`? I mean the remaining bytes should be at least the generic option header size to keep the optlen is meaningful. > You are right, if ndx + sizeof(struct icmpv6_generic_s) > optlen then we will have an OOB, I will fix it as well. Thank you very much! > * If there are multiple options and the last one `optlen == 0`, we need to drop the whole packet, right? Now other options may take effect first. e.g. RA packets `ICMPv6_OPT_SRCLLADDR` + 0 len option Yes, unfortunately the RFC is ambiguous, it only said that I need to discard a packet with optlen 0. Fortunately my solution already fixes it because I do a "goto icmpv6_drop_packet" that will exit the entire loop. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
