[email protected] (Ryota Ozaki) writes:

>diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
>index ee4fc6fdfb3..a4a74c8009e 100644
>--- a/sys/netinet6/udp6_usrreq.c
>+++ b/sys/netinet6/udp6_usrreq.c
>@@ -668,10 +668,18 @@ udp6_output(struct in6pcb * const in6p, struct mbuf *m,

>        if (addr6) {
>                sin6 = addr6;
>+               if (sin6->sin6_len != sizeof(*sin6)) {
>+                       error = EINVAL;
>+                       goto release;
>+               }
>                if (sin6->sin6_family != AF_INET6) {
>                        error = EAFNOSUPPORT;
>                        goto release;
>                }
>+               if (sin6->sin6_port == 0) {
>+                       error = EADDRNOTAVAIL;
>+                       goto release;
>+               }
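
Review bot: The added `sin6->sin6_port == 0` check at the end of this hunk returns EADDRNOTAVAIL for a zero port, which contradicts the `/* allow 0 port */` comment on the later `fport = sin6->sin6_port;` assignment. If the early rejection stays, update or remove that comment in the same change. If the existing check a few lines below already rejects a zero port, this block is redundant and can be dropped so the function has one place that decides the error code. The new `sin6_len != sizeof(*sin6)` test would also benefit from a one-line comment stating why a mismatched length is rejected before the family is examined.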

The port validation is already done a few lines below,
but the comment when using the port is a bit strange:

                fport = sin6->sin6_port; /* allow 0 port */

Apparently that comment (and the port check) already
existed when the initial version was imported.


-- 
                                Michael van Elst
Internet: [email protected]
                                "A potential Snark may lurk in every tree."
