Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libndp: valid route information option length
RFC 4191 specifies that the Route Information Option Length should be 1, 2, or 3, depending on the Prefix Length. A malicious node could potentially trigger a buffer overflow and crash the tool by sending an IPv6 router advertisement message containing the "Route Information" option with a "Length" field larger than 3. To address this, add a check on the length field. Fixes: 8296a5b ("add support for Route Information Option (rfc4191)") Reported-by: Evgeny Vereshchagin <evverx@gmail.com> Suggested-by: Felix Maurer <fmaurer@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Jiri Pirko <jiri@nvidia.com>
- Loading branch information