diff options
author | Shan Wei <shanwei@cn.fujitsu.com> | 2008-06-10 15:50:55 +0800 |
---|---|---|
committer | YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | 2008-06-12 09:19:08 +0900 |
commit | e8766fc86b34d44a8c55a2f9d71da69e091b1ca4 (patch) | |
tree | c96952c8a6250c48036adcf51c6ef0bcc8d8c770 | |
parent | 36e3deae8ba84865fd9eb3f2f21bbc00d49b7544 (diff) | |
download | linux-e8766fc86b34d44a8c55a2f9d71da69e091b1ca4.tar.gz linux-e8766fc86b34d44a8c55a2f9d71da69e091b1ca4.tar.bz2 linux-e8766fc86b34d44a8c55a2f9d71da69e091b1ca4.zip |
ipv6: Check the hop limit setting in ancillary data.
When specifing the outgoing hop limit as ancillary data for sendmsg(),
the kernel doesn't check the integer hop limit value as specified in
[RFC-3542] section 6.3.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
-rw-r--r-- | net/ipv6/datagram.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index b9c2de84a8a2..0f0f94a40335 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -705,6 +705,11 @@ int datagram_send_ctl(struct net *net, } *hlimit = *(int *)CMSG_DATA(cmsg); + if (*hlimit < -1 || *hlimit > 0xff) { + err = -EINVAL; + goto exit_f; + } + break; case IPV6_TCLASS: |