Diffusion FreeBSD src repository - subversion rS337801

MFC r337784:
rS337801
Actions

Edit Commit
Download Raw Diff
Edit Related Objects...
Edit Revisions
Mute Notifications
Flag For Later
Award Token

Description

MFC r337784:

Drop 0-byte IPv6 fragments.

Currently, we process IPv6 fragments with 0 bytes of payload, add them
to the reassembly queue, and do not recognize them as duplicating or
overlapping with adjacent 0-byte fragments. An attacker can exploit this
to create long fragment queues.

There is no legitimate reason for a fragment with no payload. However,
because IPv6 packets with an empty payload are acceptable, allow an
"atomic" fragment with no payload.

Approved by: so
Security: FreeBSD-SA-18:10.ip
Security: CVE-2018-6923

Details

Provenance

jtl	Authored on

Parents

rS337800: libbe(3): Fix leaky faucets

Branches

Unknown

Tags

Unknown

Event Timeline

jtl committed rS337801: MFC r337784:.Aug 14 2018, 6:12 PM

Changes (2)

Path

Size

stable/

11/

sys/

netinet6/

frag6.c

rS337801

View Options

stable/11/

View Options

stable/11/sys/netinet6/frag6.c

MFC r337784:rS337801Actions

Description

Details

Event Timeline

Changes (2)

rS337801

stable/11/

stable/11/sys/netinet6/frag6.c

MFC r337784:
rS337801
Actions