The check for length in rawv6_sendmsg() is incorrect.
As len is an unsigned int, (len < 0) will never be TRUE.
I think checking for IPV6_MAXPLEN(65535) is better.
Is it possible to send IPv6 jumbo packets using raw
sockets? If so, we can remove this check.
Thanks
Sridhar
Signed-off-by: Sridhar Samudrala <[EMAIL PROTECTED]>
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 306d5d8..dc11ec3 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -686,10 +686,7 @@ static int rawv6_sendmsg(struct kiocb *i
u16 proto;
int err;
- /* Rough check on arithmetic overflow,
- better check is made in ip6_build_xmit
- */
- if (len < 0)
+ if (len > IPV6_MAXPLEN)
return -EMSGSIZE;
/* Mirror BSD error message compatibility */
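Review bot: the new `if (len > IPV6_MAXPLEN)` test has no comment, and the description leaves open whether raw sockets can send jumbo packets. If they can, this bound would return -EMSGSIZE for a legitimate jumbo send, so that question needs an answer before the check goes in. Whichever way it is resolved, add a short comment stating why IPV6_MAXPLEN is the limit at this point. The changelog should also say whether the "better check is made in ip6_build_xmit" mentioned in the removed comment still holds, since the hunk drops that pointer without a replacement.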