Bug #2810

closed

In kernel file src/sys/netinet6/nd6_nbr.c, two mbuf size comparisons are erroneous

Added by fenyo almost 9 years ago. Updated almost 8 years ago.

Status: Closed
Priority: Low
Assignee: -
Category: Kernel
Target version: -
Start date: 04/10/2015
Due date:
% Done: 0%
Estimated time:
Description

In src/sys/netinet6/nd6_nbr.c, the same minor bug appears twice:

First, in this part of the file:
-----------------------------
	if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
		kprintf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
		    "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
		return;
	}
-----------------------------

The same small mistake appears twice in this code: the two ">=" should be changed to ">"
(note that it is correctly written in the last line of the kprintf: "(%d + %d > %d)\n").

This is a bug because if the packet needs exactly MCLBYTES, it is possible to process it, but the code returns without having processed the packet.

Anyway, it is a minor bug because this case should never happen, since the Neighbor Advertisement and Neighbor Solicitation packets are always small enough to be contained in a single MBUF cluster.
But the code is wrong; it would be nicer if corrected.

Secondly, the same bug appears later in the same file:
-----------------------------------
	if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
		kprintf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES "
		    "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
		return;
	}
-----------------------------------

Here again, the two ">=" should be changed to ">".
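The boundary described in the report can be checked with a small userland model. This is an added example, not code from the kernel source or from the reporter; the cluster size of 2048, the link header size of 16 and all function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed cluster size for this model; the real MCLBYTES comes from kernel headers. */
#define MODEL_MCLBYTES 2048

/* Check as quoted in the report: also rejects a sum equal to the cluster size. */
static bool reported_check_accepts(int linkhdr, int maxlen)
{ return !(linkhdr + maxlen >= MODEL_MCLBYTES); }

/* Check as proposed in the report: rejects only a sum larger than the cluster. */
static bool proposed_check_accepts(int linkhdr, int maxlen)
{ return !(linkhdr + maxlen > MODEL_MCLBYTES); }

/* Ground truth: reserve linkhdr bytes at the front of a cluster-sized buffer,
 * then store maxlen bytes one by one, refusing any store past the end. */
static bool payload_fits(int linkhdr, int maxlen)
{
    unsigned char cluster[MODEL_MCLBYTES];
    size_t off = (size_t)linkhdr;
    for (int i = 0; i < maxlen; i++, off++) {
        if (off >= sizeof(cluster))
            return false;
        cluster[off] = 0xAA;
    }
    return off <= sizeof(cluster);
}

struct sweep { int false_rejects; int unsafe_accepts; int first_false_reject; };

/* Compare a check against the ground truth for every length around the boundary. */
static struct sweep sweep_check(bool (*accepts)(int, int), int linkhdr)
{
    struct sweep r = { 0, 0, -1 };
    for (int maxlen = 0; maxlen <= MODEL_MCLBYTES + 8; maxlen++) {
        bool fits = payload_fits(linkhdr, maxlen);
        bool ok = accepts(linkhdr, maxlen);
        if (fits && !ok && r.false_rejects++ == 0)
            r.first_false_reject = maxlen;  /* droppable packet that would fit */
        if (!fits && ok)
            r.unsafe_accepts++;             /* would write past the cluster */
    }
    return r;
}

int main(void)
{
    struct sweep a = sweep_check(reported_check_accepts, 16);
    struct sweep b = sweep_check(proposed_check_accepts, 16);
    printf(">= : false rejects %d (first at maxlen %d), unsafe accepts %d\n",
           a.false_rejects, a.first_false_reject, a.unsafe_accepts);
    printf(">  : false rejects %d, unsafe accepts %d\n", b.false_rejects, b.unsafe_accepts);
    return 0;
}
```

In this model both comparisons are memory-safe; the only difference is the single length at which the sum equals the cluster size.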

#1

Updated by swildner almost 8 years ago

  • Status changed from New to Closed