kern/66386: Buffer overrun in the 'in_pcbopts' function.
Andrei Iltchenko
iltchenko at yahoo.com
Mon May 10 13:00:43 PDT 2004
The following reply was made to PR kern/66386; it has been noted by GNATS.
From: Andrei Iltchenko <iltchenko at yahoo.com>
To: Maxim Konovalov <maxim at macomnet.ru>
Cc: bug-followup at freebsd.org
Subject: Re: kern/66386: Buffer overrun in the 'in_pcbopts' function.
Date: Mon, 10 May 2004 12:53:14 -0700 (PDT)
Yes, I did mean "(unsigned)cnt - (IPOPT_MINOFF - 1))".
Sorry for the slipup.
Regards,
Andrei.
--- Maxim Konovalov <maxim at macomnet.ru> wrote:
>
> Did you mean "(unsigned)cnt - (IPOPT_MINOFF - 1))"?
>
> Index: ip_output.c
>
===================================================================
> RCS file: /home/ncvs/src/sys/netinet/ip_output.c,v
> retrieving revision 1.215
> diff -u -r1.215 ip_output.c
> --- ip_output.c 14 Apr 2004 01:13:14 -0000 1.215
> +++ ip_output.c 9 May 2004 13:40:41 -0000
> @@ -1735,7 +1735,7 @@
> */
> bcopy((&cp[IPOPT_OFFSET+1] + sizeof(struct
> in_addr)),
> &cp[IPOPT_OFFSET+1],
> - (unsigned)cnt + sizeof(struct in_addr));
> + (unsigned)cnt - (IPOPT_MINOFF - 1));
> break;
> }
> }
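Review bot: In the new bcopy length on the + line, the (unsigned) cast is applied to cnt before the subtraction, so if cnt is ever smaller than IPOPT_MINOFF - 1 the expression wraps to a very large unsigned length rather than going negative, and the copy would again run past the option buffer. The hunk shows no lower bound on cnt at this point; confirm that an earlier check guarantees cnt >= IPOPT_MINOFF - 1 here, or add one before the call. The source is the destination plus sizeof(struct in_addr), so the two regions overlap; bcopy handles that, but a one-line comment saying how the length is derived would let the next reader check the arithmetic.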
> %%%
>
> --
> Maxim Konovalov