authorBill Sommerfeld <sommerfeld@sun.com>2009-01-27 11:06:07 -0500
committerBill Sommerfeld <sommerfeld@sun.com>2009-01-27 11:06:07 -0500
commit5002eb587d788b087976d3dc1f1a50b902f39da7 (patch)
treed6d57b1eef2a42596bfaa33c58b2237a1e8440a4 /usr/src
parent2ce5611e30a791a9f4fb0297cca4c7c090f2277d (diff)
6797796 IPv6-header-only will reach supposedly unreachable code
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/uts/common/inet/ip/ip6.c23
1 files changed, 13 insertions, 10 deletions
diff --git a/usr/src/uts/common/inet/ip/ip6.c b/usr/src/uts/common/inet/ip/ip6.c
index 21f73f66c9..3b347d552c 100644
--- a/usr/src/uts/common/inet/ip/ip6.c
+++ b/usr/src/uts/common/inet/ip/ip6.c
@@ -6734,7 +6734,7 @@ discard:
*/
#define IPSEC_HDR_DONT_PROCESS 0
#define IPSEC_HDR_PROCESS 1
-#define IPSEC_MEMORY_ERROR 2
+#define IPSEC_MEMORY_ERROR 2 /* or malformed packet */
static int
ipsec_needs_processing_v6(mblk_t *mp, uint8_t *nexthdr)
{
@@ -6819,8 +6819,10 @@ ipsec_needs_processing_v6(mblk_t *mp, uint8_t *nexthdr)
length += ehdrlen;
whereptr += ehdrlen;
}
- panic("ipsec_needs_processing_v6");
- /*NOTREACHED*/
+ /*
+ * Malformed/truncated packet.
+ */
+ return (IPSEC_MEMORY_ERROR);
}
/*
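Review bot: Returning `IPSEC_MEMORY_ERROR` for a malformed or truncated packet puts network-controlled input on the same path as an allocation failure. The callers are outside this hunk, but they will presumably count or log the drop as a memory problem rather than as bad traffic. A separate value next to the existing defines, for example `#define IPSEC_MALFORMED_PACKET 3` (the name is only a suggestion), would let callers account for the two cases separately. If the shared code is kept, the new comment should say that the reuse is deliberate, e.g. `/* Ran off the end of the packet: malformed/truncated, reported as IPSEC_MEMORY_ERROR. */`. The loop that falls through to this return starts above the hunk, so the exact exit condition should be confirmed before that wording is final.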
@@ -7860,10 +7862,13 @@ tcp_fanout:
uint8_t *optptr;
ip6_dest_t *desthdr;
+ /* If packet is too short, look no further */
+ if (remlen < MIN_EHDR_LEN)
+ goto pkt_too_short;
+
/* Check if AH is present. */
if (ipsec_early_ah_v6(q, first_mp, mctl_present, ill,
inill, hada_mp, zoneid)) {
- ip0dbg(("dst early hada drop\n"));
return;
}
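Review bot: The new comment `/* If packet is too short, look no further */` does not say why the length check must come before `ipsec_early_ah_v6()`, so a later cleanup could move it back below the call. Going by the commit title, that call leads into the header walk that used to panic, though its body is not visible here. A comment such as `/* Check length before ipsec_early_ah_v6(), which walks the extension headers. */` would record the ordering, and the same applies to the identical guard added in the hunk at -8027. Both guards sit in a block that starts and ends outside these hunks, so any other `ipsec_early_ah_v6()` call sites in the file should be checked for the same ordering.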
@@ -7876,9 +7881,6 @@ tcp_fanout:
(uintptr_t)(whereptr - ((uint8_t *)ip6h)));
ip6h = (ip6_t *)mp->b_rptr;
- if (remlen < MIN_EHDR_LEN)
- goto pkt_too_short;
-
desthdr = (ip6_dest_t *)whereptr;
nexthdr = desthdr->ip6d_nxt;
prev_nexthdr_offset = (uint_t)(whereptr -
@@ -8027,10 +8029,13 @@ tcp_fanout:
uint_t ehdrlen;
ip6_rthdr_t *rthdr;
+ /* If packet is too short, look no further */
+ if (remlen < MIN_EHDR_LEN)
+ goto pkt_too_short;
+
/* Check if AH is present. */
if (ipsec_early_ah_v6(q, first_mp, mctl_present, ill,
inill, hada_mp, zoneid)) {
- ip0dbg(("routing hada drop\n"));
return;
}
@@ -8043,8 +8048,6 @@ tcp_fanout:
(uintptr_t)(whereptr - ((uint8_t *)ip6h)));
ip6h = (ip6_t *)mp->b_rptr;
- if (remlen < MIN_EHDR_LEN)
- goto pkt_too_short;
rthdr = (ip6_rthdr_t *)whereptr;
nexthdr = rthdr->ip6r_nxt;
prev_nexthdr_offset = (uint_t)(whereptr -