(usagi-users 02523) Bug in ipv6_skip_exthdr?
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 02523) Bug in ipv6_skip_exthdr?
- From: 藤田 隆興 <fujita.takaoki@xxxxxxxxxxxxxxxx>
- Date: Thu, 04 Sep 2003 13:26:15 +0900
- Reply-to: usagi-users@xxxxxxxxxxxxxx
Hi,
I found a bug in ipv6_skip_exthdr of STABLE Release 4.1.
In the following code in ipv6_skip_exthdr (ipv6/exthdrs.c),
'hdr' is cast to 'struct frag_hdr' and 'frag_off' is read,
but 'hdr' is 2 bytes, so I think it couldn't get valid frag_off data.
Fragment Reassembly (Payload size=65536) in the TAHI Test sometimes FAILs because of this bug.
--------------------------------------------------------------
struct ipv6_opt_hdr hdr;
.
.
    if (nexthdr == NEXTHDR_FRAGMENT) {
        struct frag_hdr *fhdr = (struct frag_hdr *) &hdr;
        if (ntohs(fhdr->frag_off) & ~0x7)
            break;
        hdrlen = 8;
    } else if (nexthdr == NEXTHDR_AUTH)
--------------------------------------------------------------
Sorry, I don't know how to fix this.
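
The read described in this message, as an added example that is not part of the original post and not USAGI or kernel code: a user-space sketch of the same header walk in which frag_off is copied from the packet buffer, after a length check, instead of being read through a cast of the 2-byte local. It assumes the packet is one flat byte buffer; skip_exthdr, opt_hdr, the frag_hdr layout and sample[] are constructed stand-ins.

```c
#include <arpa/inet.h>   /* ntohs */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed user-space stand-ins for the kernel definitions. */
enum { NEXTHDR_HOP = 0, NEXTHDR_ROUTING = 43, NEXTHDR_FRAGMENT = 44,
       NEXTHDR_AUTH = 51, NEXTHDR_NONE = 59, NEXTHDR_DEST = 60 };
struct opt_hdr  { uint8_t nexthdr, hdrlen; };    /* 2 bytes */
struct frag_hdr { uint8_t nexthdr, reserved; uint16_t frag_off; uint32_t id; };
/* Constructed packet: 8-byte dest-opts, then a first-fragment header. */
static const uint8_t sample[] = { 44,0,1,4,0,0,0,0, 17,0,0x00,0x01,0,0,0,7 };
static int is_exthdr(uint8_t nh) {
    return nh == NEXTHDR_HOP || nh == NEXTHDR_ROUTING || nh == NEXTHDR_FRAGMENT ||
           nh == NEXTHDR_AUTH || nh == NEXTHDR_NONE || nh == NEXTHDR_DEST;
}
/* Offset of the first non-extension header, or -1 (NEXTHDR_NONE, truncated). */
int skip_exthdr(const uint8_t *pkt, size_t len, size_t start, uint8_t *nexthdrp)
{
    uint8_t nexthdr = *nexthdrp;
    while (is_exthdr(nexthdr)) {
        struct opt_hdr hdr;
        size_t hdrlen;
        if (nexthdr == NEXTHDR_NONE || start > len || len - start < sizeof(hdr))
            return -1;
        memcpy(&hdr, pkt + start, sizeof(hdr));
        if (nexthdr == NEXTHDR_FRAGMENT) {
            uint16_t frag_off;  /* copied from the packet, not the 2-byte hdr */
            if (len - start < sizeof(struct frag_hdr))
                return -1;
            memcpy(&frag_off, pkt + start + offsetof(struct frag_hdr, frag_off),
                   sizeof(frag_off));
            if (ntohs(frag_off) & ~0x7)
                break;          /* non-first fragment: stop at this header */
            hdrlen = 8;
        } else if (nexthdr == NEXTHDR_AUTH)
            hdrlen = ((size_t)hdr.hdrlen + 2) << 2;
        else
            hdrlen = ((size_t)hdr.hdrlen + 1) << 3;
        nexthdr = hdr.nexthdr;
        start += hdrlen;
    }
    *nexthdrp = nexthdr;
    return (int)start;
}

int main(void) {
    uint8_t nh = NEXTHDR_DEST;  /* type of the first header in sample[] */
    return skip_exthdr(sample, sizeof(sample), 0, &nh) == 16 ? 0 : 1;
}
```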