[Bug 247129] [PATCH] Fix some compiler warnings in netinet alias module
bugzilla-noreply at freebsd.org
Thu Jun 11 17:54:22 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247129
--- Comment #4 from Mark Johnston <markj at FreeBSD.org> ---
(In reply to nikethmurali from comment #3)
A couple more comments:
Changing dlen to be unsigned seems dangerous. For example, we have:
    dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
    if (dlen < ICMP_MINLEN)
            return (PKT_ALIAS_IGNORED);
What happens if a malicious packet defines a header length longer than ip_len?
If dlen is unsigned, it will end up being a large number and will pass the
subsequent check.
Regarding the alignment issue, wouldn't it be simpler to modify each of
ProtoAliasIn/Out and FragmentIn/Out to take a struct ip * as input, and have
them update fields directly? Then those functions know that the ip address
fields are not necessarily self-aligned and the compiler can handle it.
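Added example (not part of the original message, the patch, or the FreeBSD source): the length check quoted in comment #4, run with dlen signed and unsigned on a constructed header whose ip_hl exceeds ip_len, next to a form that compares the two lengths before subtracting. The names mini_ip, make_pkt, check_* and EX_ICMP_MINLEN are hypothetical, and unsigned int as the changed type of dlen is an assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

#define EX_ICMP_MINLEN 8 /* value of ICMP_MINLEN in <netinet/ip_icmp.h> */
enum verdict { IGNORED, PROCESSED };

/* Constructed stand-in for the two struct ip fields the check reads. */
struct mini_ip {
    unsigned int ip_hl:4; /* header length in 32-bit words */
    uint16_t ip_len;      /* total length, network byte order */
};

static struct mini_ip make_pkt(unsigned int hl_words, uint16_t total_len)
{
    struct mini_ip p = { .ip_hl = hl_words, .ip_len = htons(total_len) };
    return p;
}

/* The quoted check with a signed dlen: a negative length is rejected. */
static enum verdict check_signed(const struct mini_ip *pip)
{
    int dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
    return dlen < EX_ICMP_MINLEN ? IGNORED : PROCESSED;
}

/* Same check, dlen unsigned (type assumed): the negative wraps to a huge value. */
static enum verdict check_unsigned(const struct mini_ip *pip)
{
    unsigned int dlen = ntohs(pip->ip_len) - (pip->ip_hl << 2);
    return dlen < EX_ICMP_MINLEN ? IGNORED : PROCESSED;
}

/* Signedness-independent form: compare the lengths before subtracting. */
static enum verdict check_validated(const struct mini_ip *pip)
{
    unsigned int hlen = pip->ip_hl << 2, tlen = ntohs(pip->ip_len);
    if (hlen > tlen || tlen - hlen < EX_ICMP_MINLEN)
        return IGNORED;
    return PROCESSED;
}

int main(void)
{
    struct mini_ip bad = make_pkt(15, 20); /* 60-byte header claimed, ip_len 20 */
    printf("signed=%d unsigned=%d validated=%d\n", check_signed(&bad),
        check_unsigned(&bad), check_validated(&bad));
    return 0;
}
```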