On Fri, Dec 08, 2017 at 07:36:03PM -0700, Alexander Bluhm wrote: > CVSROOT: /cvs > Module name: src > Changes by: bl...@cvs.openbsd.org 2017/12/08 19:36:03 > > Modified files: > sys/netmpls : Tag: OPENBSD_6_1 mpls_input.c > > Log message: > The per-interface mpls flag should also also be tested on input > before proceeding, as described in ifconfig documentation. > mpls_shim_pop() can return NULL. Check it else we end up dereferencing > NULL. > The adjttl functions use m_pullup(). In some cases m_pullup() can > return a new mbuf chain and this chain needs to be returned to the > caller else a use after free may happen. > Use m_freem() in error case. > Pullup the mbuf before accessing the version field in the IP header. > Fix the pullup length of the shim header in mpls_do_error(). > OpenBSD 6.2 errata 033
Issues reported by Maxime Villard; OK deraadt@ claudio@ benno@
