OpenBSD IPV6 bug found

Matthew Dillon dillon at
Sun Apr 1 20:51:37 PDT 2007

:If DF uses any OpenBSD code in IPV6, this may be on-topic,
:otherwise it's merely entertaining ;o)

    Our m_dup1 code is completely different, and insofar as I can tell
    not vulnerable.  It looks like OpenBSD originally assumed that there
    was MHLEN of packet data for mbufs marked as being headers, which
    would not be true if the ICMP header is fragmented.

    I don't even think we even allow packet headers to be fragmented in
    our stack.

					Matthew Dillon 
					<dillon at>

More information about the Users mailing list