+-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+
| > | Check looks correct, it should probably return 1.
| >
| > Function comment says return 1 if 'm' is valid and should be appended via
| > sbappend(). Not sure if unprocessed 'm' should go to sbappend().
|
| If you look at the rest of the fun
Hi
On Fri, Jan 11, 2019 at 1:18 PM P J P wrote:
>
> +-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+
> | > +if (m->m_len > so_rcv->sb_datalen
> | > +- (so_rcv->sb_wptr - so_rcv->sb_data)) {
> | > +m_free(m);
> | > +return
+-- On Fri, 11 Jan 2019, Marc-André Lureau wrote --+
| > +if (m->m_len > so_rcv->sb_datalen
| > +- (so_rcv->sb_wptr - so_rcv->sb_data)) {
| > +m_free(m);
| > +return 0;
| > +}
|
| Check looks correct, it should pro
Hi
On Fri, Jan 11, 2019 at 12:31 PM P J P wrote:
>
> From: Prasad J Pandit
>
> While emulating identification protocol, tcp_emu() does not check
> available space in the 'sc_rcv->sb_data' buffer. It could lead to
> heap buffer overflow issue. Add check to avoid it.
>
> Reported-by: Kira <864786.
