net: ipv6: Do not access link address past array length
It is possible to manually set link address length past 6 at runtime and trying to check IPv6 ll address that way. This should fail as we could read two bytes past the address buffer. Coverity-CID: 516242 Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This commit is contained in:
parent
e44ed8dbb8
commit
d718b46ddb
1 changed files with 4 additions and 0 deletions
|
@ -1536,6 +1536,10 @@ static inline bool net_ipv6_addr_based_on_ll(const struct in6_addr *addr,
|
|||
|
||||
break;
|
||||
case 8:
|
||||
if (sizeof(lladdr->addr) < 8) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!memcmp(&addr->s6_addr[9], &lladdr->addr[1],
|
||||
lladdr->len - 1) &&
|
||||
(addr->s6_addr[8] ^ 0x02) == lladdr->addr[0]) {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue