From: Jouni Malinen Date: Fri, 28 Nov 2014 17:44:58 +0000 (+0200) Subject: proxyarp: Relax frame length limit for RA and NA X-Git-Tag: hostap_2_4~997 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c5043b42cf05b61b9b3174fdeb1982f22d3cb86;p=thirdparty%2Fhostap.git proxyarp: Relax frame length limit for RA and NA Only the NS frames should be checked to be long enough to cover all the fields used in the NS data structure. This allows shorter RA and NA frames to be processed for multicast-to-unicast rules. Signed-off-by: Jouni Malinen --- diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c index cfd90a2c6..b0d42dcd8 100644 --- a/src/ap/ndisc_snoop.c +++ b/src/ap/ndisc_snoop.c @@ -91,11 +91,13 @@ static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf, int res; char addrtxt[INET6_ADDRSTRLEN + 1]; - if (len < ETH_HLEN + sizeof(*msg)) + if (len < ETH_HLEN + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) return; msg = (struct icmpv6_ndmsg *) &buf[ETH_HLEN]; switch (msg->icmp6h.icmp6_type) { case NEIGHBOR_SOLICITATION: + if (len < ETH_HLEN + sizeof(*msg)) + return; if (msg->opt_type != SOURCE_LL_ADDR) return;