Module Name: src
Committed By: drochner
Date: Mon Feb 21 22:54:45 UTC 2011
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
adopt a fix from OpenBSD: when scanning the IPv6 header chain, take
into account that the extension header type is not in the extension
header itself but in the previous one -- this makes a difference
because (a) the length field is different for AH than for all others
and (b) the offset of the "next type" field isn't the same in primary
and extension headers.
(I didn't manage to trigger the bug in my tests, no extension headers
besides AH made it to that point. Didn't try hard enough -- the fix
is still valid.)
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/sys/netipsec/ipsec_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
