CVS: cvs.openbsd.org: src

Florian Obser Fri, 22 May 2026 03:12:57 -0700

CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2026/05/22 04:12:40


Modified files:
        sbin/dhcp6leased: engine.c 
        sbin/slaacd    : engine.c 

Log message:
Ingore packages with invalid prefixlen.

Rouge router advertisements with a prefixlen > 128 would make slaacd
exit with a fatal error, leading to a denial of service.

The same issue exists in dhcp6leased where a rouge prefix delegation
would make dhcp6leased exit with a fatal error, leading to a denial of
service.

Pointed out by Ivan of Quarkslab.

input & OK deraadt

CVS: cvs.openbsd.org: src

Reply via email to