Hello,
On Thu, Aug 11, 2022 at 09:42:54PM +0200, Alexander Bluhm wrote:
> Hi,
>
> The IPv6 routing header type 0 check should modify *offp only in
> case of an error, so that the genrated icmp6 packet has the correct
> pointer. After successful return, *offp should not be modified.
makes sense to me.
>
> ok?
OK sashan
>
> bluhm
>
> Index: netinet6/ip6_input.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_input.c,v
> retrieving revision 1.250
> diff -u -p -r1.250 ip6_input.c
> --- netinet6/ip6_input.c 6 Aug 2022 15:57:59 -0000 1.250
> +++ netinet6/ip6_input.c 11 Aug 2022 19:36:22 -0000
> @@ -695,21 +695,23 @@ ip6_check_rh0hdr(struct mbuf *m, int *of
> do {
> switch (proto) {
> case IPPROTO_ROUTING:
> - *offp = off;
> if (rh_cnt++) {
> /* more than one rh header present */
> + *offp = off;
> return (1);
> }
>
> if (off + sizeof(rthdr) > lim) {
> /* packet to short to make sense */
> + *offp = off;
> return (1);
> }
>
> m_copydata(m, off, sizeof(rthdr), &rthdr);
>
> if (rthdr.ip6r_type == IPV6_RTHDR_TYPE_0) {
> - *offp += offsetof(struct ip6_rthdr, ip6r_type);
> + *offp = off +
> + offsetof(struct ip6_rthdr, ip6r_type);
> return (1);
> }
>
>
