Bug #2810
closed
In kernel file src/sys/netinet6/nd6_nbr.c, two mbuf size comparisons are erroneous
0%
Description
In src/sys/netinet6/nd6_nbr.c, there are two times the same minor bug:
At first, in this part of the file:
-----------------------------
if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
kprintf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
"(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
return;
}
-----------------------------
There is two times the same little mistake in this code: the two ">=" should be changed to ">"
(note that it is correctly written in the last line of the kprintf: "(%d + %d > %d)\n").
This is a bug because if the packet need exactly MCLBYTES, it is possible to process it, but the code returns without having processed the packet.
Anyway, it is a minor bug because this case should never happen since the Neighbor Advertisement and Neighbor Solicitation packets are always small enough to be contained in a single MBUF cluster.
But the code is wrong, it would be nicer if corrected.
Secondly, the same bug appears later in the same file:
-----------------------------------
if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
kprintf("nd6_na_output: max_linkhdr + maxlen >= MCLBYTES "
"(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
return;
-----------------------------------
Here again, the two "=>" should be changed to ">".
Updated by swildner over 8 years ago
- Status changed from New to Closed
I've pushed the changes. See http://lists.dragonflybsd.org/pipermail/commits/2016-June/500528.html
Thanks
Sascha