https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247129
--- Comment #4 from Mark Johnston <[email protected]> ---
(In reply to nikethmurali from comment #3)

A couple more comments:

Changing dlen to be unsigned seems dangerous. For example, we have:

    dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
    if (dlen < ICMP_MINLEN)
            return (PKT_ALIAS_IGNORED);

What happens if a malicious packet defines a header length longer than ip_len? If dlen is unsigned, it will end up being a large number and will pass the subsequent check.

Regarding the alignment issue, wouldn't it be simpler to modify each of ProtoAliasIn/Out and FragmentIn/Out to take a struct ip * as input, and have them update fields directly? Then those functions know that the ip address fields are not necessarily self-aligned and the compiler can handle it.
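The signed-versus-unsigned concern in the comment above, as an added example that is not part of the original message or of the libalias sources. The struct, the function names and the sample headers are hypothetical, dlen is assumed to become `unsigned int`, and the third function goes beyond the comment to show one way of keeping an unsigned length safe.

```c
#include <stdint.h>
#include <stdio.h>

#define ICMP_MINLEN 8 /* minimum ICMP header size, as in <netinet/ip_icmp.h> */

/* Hypothetical stand-in for the two struct ip fields the check reads.
 * ip_len is already in host byte order here (the real code calls ntohs()). */
struct hdr_fields {
    uint16_t ip_len; /* total length claimed by the packet, in bytes */
    uint8_t  ip_hl;  /* header length in 32-bit words (4-bit field, 0..15) */
};

/* Constructed sample headers. */
static const struct hdr_fields well_formed = { 28, 5 };  /* 20-byte header + 8 */
static const struct hdr_fields truncated   = { 24, 5 };  /* only 4 bytes of ICMP */
static const struct hdr_fields hl_too_big  = { 20, 15 }; /* 60-byte header > ip_len */

/* Signed dlen, as in the quoted code: a negative result fails the check. */
int passes_signed(const struct hdr_fields *h)
{
    int dlen = h->ip_len - (h->ip_hl << 2);
    return !(dlen < ICMP_MINLEN);
}

/* Unsigned dlen (unsigned int assumed): the negative result wraps to a
 * huge value, so the "< ICMP_MINLEN" test no longer rejects it. */
int passes_unsigned(const struct hdr_fields *h)
{
    unsigned int dlen = h->ip_len - (h->ip_hl << 2);
    return !(dlen < ICMP_MINLEN);
}

/* One way to keep an unsigned dlen safe: compare before subtracting. */
int passes_unsigned_checked(const struct hdr_fields *h)
{
    unsigned int hlen = (unsigned int)h->ip_hl << 2;
    if (hlen > h->ip_len)
        return 0;
    return !(h->ip_len - hlen < ICMP_MINLEN);
}

int main(void)
{
    const struct hdr_fields *p[] = { &well_formed, &truncated, &hl_too_big };
    for (int i = 0; i < 3; i++)
        printf("ip_len=%u ip_hl=%u signed=%d unsigned=%d checked=%d\n",
            (unsigned)p[i]->ip_len, (unsigned)p[i]->ip_hl, passes_signed(p[i]),
            passes_unsigned(p[i]), passes_unsigned_checked(p[i]));
    return 0;
}
```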
