OpenBSD IPV6 bug found
Matthew Dillon
dillon at apollo.backplane.com
Sun Apr 1 20:51:37 PDT 2007
:If DF uses any OpenBSD code in IPV6, this may be on-topic,
:otherwise it's merely entertaining ;o)
:
:http://open.itworld.com/4918/070315openbsd/page_1.html

Our m_dup1 code is completely different, and insofar as I can tell
not vulnerable. It looks like OpenBSD originally assumed that there
was MHLEN of packet data for mbufs marked as being headers, which
would not be true if the ICMP header is fragmented.

I don't think we even allow packet headers to be fragmented in
our stack.

-Matt
Matthew Dillon
<dillon at backplane.com>