• YOSHIFUJI Hideaki's avatar
    [IPv6]: Fix incorrect length check in rawv6_sendmsg() · b59e139b
    YOSHIFUJI Hideaki authored
    In article <20070329.142644.70222545.davem@davemloft.net> (at Thu, 29 Mar 2007 14:26:44 -0700 (PDT)), David Miller <davem@davemloft.net> says:
    
    > From: Sridhar Samudrala <sri@us.ibm.com>
    > Date: Thu, 29 Mar 2007 14:17:28 -0700
    >
    > > The check for length in rawv6_sendmsg() is incorrect.
    > > As len is an unsigned int, (len < 0) will never be TRUE.
    > > I think checking for IPV6_MAXPLEN(65535) is better.
    > >
    > > Is it possible to send ipv6 jumbo packets using raw
    > > sockets? If so, we can remove this check.
    >
    > I don't see why such a limitation against jumbo would exist,
    > does anyone else?
    >
    > Thanks for catching this Sridhar.  A good compiler should simply
    > fail to compile "if (x < 0)" when 'x' is an unsigned type, don't
    > you think :-)
    
    Dave, we use "int" for returning value,
    so we should fix this anyway, IMHO;
    we should not allow len > INT_MAX.
    Signed-off-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
    Acked-by: default avatarSridhar Samudrala <sri@us.ibm.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    b59e139b
udp.c 24.1 KB