Skip to content
Permalink
Browse files Browse the repository at this point in the history
CVE-2017-13725/IPv6 R.H.: Check for the existence of all fields befor…
…e fetching them.

Don't fetch the length field from the header until after we've checked
for the existence of a field at or after that field.

(Found by code inspection, not by a capture.)
  • Loading branch information
guyharris authored and infrastation committed Sep 13, 2017
1 parent 66df248 commit 3c4d7c0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion print-rt6.c
Expand Up @@ -45,13 +45,13 @@ rt6_print(netdissect_options *ndo, register const u_char *bp, const u_char *bp2
register const struct in6_addr *addr;

dp = (const struct ip6_rthdr *)bp;
len = dp->ip6r_len;

/* 'ep' points to the end of available data. */
ep = ndo->ndo_snapend;

ND_TCHECK(dp->ip6r_segleft);

len = dp->ip6r_len;
ND_PRINT((ndo, "srcrt (len=%d", dp->ip6r_len)); /*)*/
ND_PRINT((ndo, ", type=%d", dp->ip6r_type));
ND_PRINT((ndo, ", segleft=%d", dp->ip6r_segleft));
Expand Down

0 comments on commit 3c4d7c0

Please sign in to comment.