From 8c5043b42cf05b61b9b3174fdeb1982f22d3cb86 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Fri, 28 Nov 2014 19:44:58 +0200 Subject: [PATCH] proxyarp: Relax frame length limit for RA and NA Only the NS frames should be checked to be long enough to cover all the fields used in the NS data structure. This allows shorter RA and NA frames to be processed for multicast-to-unicast rules. Signed-off-by: Jouni Malinen --- src/ap/ndisc_snoop.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ap/ndisc_snoop.c b/src/ap/ndisc_snoop.c index cfd90a2c6..b0d42dcd8 100644 --- a/src/ap/ndisc_snoop.c +++ b/src/ap/ndisc_snoop.c @@ -91,11 +91,13 @@ static void handle_ndisc(void *ctx, const u8 *src_addr, const u8 *buf, int res; char addrtxt[INET6_ADDRSTRLEN + 1]; - if (len < ETH_HLEN + sizeof(*msg)) + if (len < ETH_HLEN + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) return; msg = (struct icmpv6_ndmsg *) &buf[ETH_HLEN]; switch (msg->icmp6h.icmp6_type) { case NEIGHBOR_SOLICITATION: + if (len < ETH_HLEN + sizeof(*msg)) + return; if (msg->opt_type != SOURCE_LL_ADDR) return;