OpenBSD IPV6 bug found

Matthew Dillon dillon at apollo.backplane.com
Sun Apr 1 20:51:37 PDT 2007


:If DF uses any OpenBSD code in IPV6, this may be on-topic,
:otherwise it's merely entertaining ;o)
:
:http://open.itworld.com/4918/070315openbsd/page_1.html

    Our m_dup1 code is completely different, and insofar as I can tell
    not vulnerable.  It looks like OpenBSD originally assumed that there
    was MHLEN of packet data for mbufs marked as being headers, which
    would not be true if the ICMP header is fragmented.

    I don't even think we even allow packet headers to be fragmented in
    our stack.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>





More information about the Users mailing list