Dear all,
in udp6_input() we have the following code:
if (nxt == IPPROTO_UDP && plen != ulen) {
UDPSTAT_INC(udps_badlen);
goto badunlocked;
}
/*
* Checksum extended UDP header and data.
*/
if (uh->uh_sum == 0) {
if (ulen > plen || ulen < sizeof(struct udphdr)) {
UDPSTAT_INC(udps_nosum);
goto badunlocked;
}
}
I'm trying to understand the UDP code path...
So (ulen > plen) can't be true. I'm wondering why do we only check the ulen is
not too
short only in the case when the UDP checksum is zero. A zero checksum should
also never happen.
I think we should check for ulen < sizeof(struct udphdr) in any case.
Opinions?
Best regards
Michael
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
