projects
/
project
/
odhcp6c.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
569a7bb
)
Fix parsing empty IA_NA, IA_PD and invalid IA_ADDR options
author
Vladislav Grishenko
<themiron@mail.ru>
Fri, 10 Oct 2014 12:18:42 +0000
(18:18 +0600)
committer
Vladislav Grishenko
<themiron@mail.ru>
Fri, 10 Oct 2014 12:21:32 +0000
(18:21 +0600)
src/dhcpv6.c
patch
|
blob
|
history
diff --git
a/src/dhcpv6.c
b/src/dhcpv6.c
index 30c9fb2678f16ecd384b697a5c0635b919c7c2e3..ca41db6b48e88dd90d05b73eb270f4d585fc5c55 100644
(file)
--- a/
src/dhcpv6.c
+++ b/
src/dhcpv6.c
@@
-693,7
+693,7
@@
static bool dhcpv6_response_is_valid(const void *buf, ssize_t len,
rcmsg = odata[0];
} else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) {
ia_present = true;
rcmsg = odata[0];
} else if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)) {
ia_present = true;
- if (olen < sizeof(struct dhcpv6_ia_hdr))
+ if (olen <
-4 +
sizeof(struct dhcpv6_ia_hdr))
options_valid = false;
}
else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) ||
options_valid = false;
}
else if ((otype == DHCPV6_OPT_IA_ADDR) || (otype == DHCPV6_OPT_IA_PREFIX) ||
@@
-761,7
+761,7
@@
static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc,
dhcpv6_for_each_option(opt, end, otype, olen, odata) {
if (orig == DHCPV6_MSG_SOLICIT &&
(otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA) &&
dhcpv6_for_each_option(opt, end, otype, olen, odata) {
if (orig == DHCPV6_MSG_SOLICIT &&
(otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA) &&
- olen > sizeof(struct dhcpv6_ia_hdr)) {
+ olen >
-4 +
sizeof(struct dhcpv6_ia_hdr)) {
struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);
dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr));
}
struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);
dhcpv6_parse_ia(ia_hdr, odata + olen + sizeof(*ia_hdr));
}
@@
-800,8
+800,8
@@
static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc,
struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
dhcpv6_for_each_option(&h[1], oend, otype, olen, d) {
struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
dhcpv6_for_each_option(&h[1], oend, otype, olen, d) {
- if (otype == DHCPV6_OPT_IA_PREFIX &&
(olen + 4) >=
-
(uint16_t)
sizeof(struct dhcpv6_ia_prefix)) {
+ if (otype == DHCPV6_OPT_IA_PREFIX &&
+
olen >= -4 +
sizeof(struct dhcpv6_ia_prefix)) {
struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix*)&d[-4];
have_pd = p->prefix;
}
struct dhcpv6_ia_prefix *p = (struct dhcpv6_ia_prefix*)&d[-4];
have_pd = p->prefix;
}
@@
-810,7
+810,8
@@
static int dhcpv6_handle_advert(enum dhcpv6_msg orig, const int rc,
struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
dhcpv6_for_each_option(&h[1], oend, otype, olen, d)
struct dhcpv6_ia_hdr *h = (struct dhcpv6_ia_hdr*)&odata[-4];
uint8_t *oend = odata + olen, *d;
dhcpv6_for_each_option(&h[1], oend, otype, olen, d)
- if (otype == DHCPV6_OPT_IA_ADDR)
+ if (otype == DHCPV6_OPT_IA_ADDR &&
+ olen >= -4 + sizeof(struct dhcpv6_ia_addr))
have_na = true;
}
}
have_na = true;
}
}
@@
-930,7
+931,7
@@
static int dhcpv6_handle_reply(enum dhcpv6_msg orig, _unused const int rc,
bool passthru = true;
if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)
bool passthru = true;
if ((otype == DHCPV6_OPT_IA_PD || otype == DHCPV6_OPT_IA_NA)
- && olen > sizeof(struct dhcpv6_ia_hdr)) {
+ && olen >
-4 +
sizeof(struct dhcpv6_ia_hdr)) {
struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);
// Test ID
struct dhcpv6_ia_hdr *ia_hdr = (void*)(&odata[-4]);
// Test ID