sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NetworkPkg: better sanity check on Ipv6 prefix length

Browse Source 
Fix a possible buffer overrun issue that could occur if PrefixLength >
128 . Changed == 128 to >= 128. Also remove check for Byte < 16, which
is no longer possible because of the first change.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
This commit is contained in:
Samer El-Haj-Mahmoud 2016-02-12 07:57:59 +08:00 committed by Fu Siyuan
parent 93aea44f42
commit 40696972bf
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
NetworkPkg/Ip6Dxe/Ip6Icmp.c
View File

@ -2,6 +2,7 @@
The ICMPv6 handle routines to process the ICMPv6 control messages.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@ -479,7 +480,7 @@ Ip6GetPrefix (
return ;
}
if (PrefixLength == IP6_PREFIX_NUM - 1) {
if (PrefixLength >= IP6_PREFIX_NUM - 1) {
return ;
}
@ -487,7 +488,7 @@ Ip6GetPrefix (
Bit = (UINT8) (PrefixLength % 8);
Value = Prefix->Addr[Byte];
if ((Byte > 0) && (Byte < 16)) {
if (Byte > 0) {
ZeroMem (Prefix->Addr + Byte, 16 - Byte);
}