mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-11 01:20:50 +02:00
F-5246 - Check IPv6 extension header fits before dereference in sniffer
This commit is contained in:
+7
-1
@@ -2138,7 +2138,13 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error)
|
||||
if (iphdr->next_header != TCP_PROTOCOL) {
|
||||
Ip6ExtHdr* exthdr = (Ip6ExtHdr*)((byte*)iphdr + IP6_HDR_SZ);
|
||||
do {
|
||||
int hdrsz = (exthdr->length + 1) * 8;
|
||||
int hdrsz;
|
||||
/* make sure the extension header is fully present before reading */
|
||||
if (length - exthdrsz < (int)sizeof(Ip6ExtHdr)) {
|
||||
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
}
|
||||
hdrsz = (exthdr->length + 1) * 8;
|
||||
if (hdrsz > length - exthdrsz) {
|
||||
SetError(PACKET_HDR_SHORT_STR, error, NULL, 0);
|
||||
return WOLFSSL_FATAL_ERROR;
|
||||
|
||||
Reference in New Issue
Block a user