Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

uip-nd6: Check buffer space for ND6 option headers. #1654

Merged
merged 1 commit into from Oct 6, 2021

Conversation

nvt
Copy link
Member

@nvt nvt commented Sep 28, 2021

When processing incoming IPv6 neighbor solicitation packets, it is possible for an out-of-bounds read to occur because there are insufficient checks for space with regards to ND option headers.

This PR adds a check for first reading the generic 2-byte option header, and then one check for reading the source-link-layer address option (SLLAO). Note that we are currently only supporting SLLAOs using UIP_LLADDR_LEN bytes for the address.

Copy link
Member

@nfi nfi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

os/net/ipv6/uip-nd6.c Outdated Show resolved Hide resolved
@nfi nfi merged commit e58b583 into contiki-ng:develop Oct 6, 2021
17 checks passed
@nvt nvt deleted the verify-nd6-sllao branch June 10, 2022 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants