authorAlexander Bluhm <bluhm@cvs.openbsd.org>2022-08-12 12:08:55 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2022-08-12 12:08:55 +0000
commit5bf53e5aa5dd395dedc99ce6fd1d8a7d0a05316e (patch)
tree8b596c497423cdaf5ae96d6a0424ebc8cab7a370 /sys
parent88f7f9b0a4ba35fdbcd64029618c7c714f4a64a1 (diff)
At successful return ip6_check_rh0hdr() keeps *offp unmodified.
The IPv6 routing header type 0 check should modify *offp only in case of an error, so that the generated icmp6 packet has the correct pointer. OK sashan@
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet6/ip6_input.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 6a4c8c1d004..d71441d8dbb 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.250 2022/08/06 15:57:59 bluhm Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.251 2022/08/12 12:08:54 bluhm Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -695,21 +695,23 @@ ip6_check_rh0hdr(struct mbuf *m, int *offp)
do {
switch (proto) {
case IPPROTO_ROUTING:
- *offp = off;
if (rh_cnt++) {
/* more than one rh header present */
+ *offp = off;
return (1);
}
if (off + sizeof(rthdr) > lim) {
/* packet to short to make sense */
+ *offp = off;
return (1);
}
m_copydata(m, off, sizeof(rthdr), &rthdr);
if (rthdr.ip6r_type == IPV6_RTHDR_TYPE_0) {
- *offp += offsetof(struct ip6_rthdr, ip6r_type);
+ *offp = off +
+ offsetof(struct ip6_rthdr, ip6r_type);
return (1);
}
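Review bot: The three error paths in the `IPPROTO_ROUTING` case now each set `*offp` themselves, but nothing in the code records that `*offp` must stay untouched on a successful return, so a later edit could quietly reintroduce the early assignment. A short comment at the top of the case would pin the contract, for example `/* Set *offp only when returning 1; it becomes the icmp6 error pointer. */`. According to the commit message the value ends up as the pointer in the generated icmp6 packet, which is why the type 0 path adds `offsetof(struct ip6_rthdr, ip6r_type)`; the caller itself is not visible here. The function starts before and continues after this hunk, so the remaining cases of the switch could not be checked against the same rule.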