Skip to content

Commit 3c4d7c0

Browse files
guyharrisinfrastation
authored andcommitted
CVE-2017-13725/IPv6 R.H.: Check for the existence of all fields before fetching them.
Don't fetch the length field from the header until after we've checked for the existence of a field at or after that field. (Found by code inspection, not by a capture.)
1 parent 66df248 commit 3c4d7c0

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

Diff for: print-rt6.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -45,13 +45,13 @@ rt6_print(netdissect_options *ndo, register const u_char *bp, const u_char *bp2
4545
register const struct in6_addr *addr;
4646

4747
dp = (const struct ip6_rthdr *)bp;
48-
len = dp->ip6r_len;
4948

5049
/* 'ep' points to the end of available data. */
5150
ep = ndo->ndo_snapend;
5251

5352
ND_TCHECK(dp->ip6r_segleft);
5453

54+
len = dp->ip6r_len;
5555
ND_PRINT((ndo, "srcrt (len=%d", dp->ip6r_len)); /*)*/
5656
ND_PRINT((ndo, ", type=%d", dp->ip6r_type));
5757
ND_PRINT((ndo, ", segleft=%d", dp->ip6r_segleft));

0 commit comments

Comments
 (0)