diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2023-01-04 17:31:08 +0100 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2023-01-05 15:08:07 +0100 |
commit | 37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77 (patch) | |
tree | 8e94d2e9d5876f65a1256e45c0438d150098bf1a /udp.h | |
parent | 08c01f5b4e26b0c525875ea697958d058c0d3b7c (diff) | |
download | passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar.gz passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar.bz2 passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar.lz passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar.xz passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.tar.zst passt-37f82ccd9f4f107cdfbe83598b6733c7a6c4fb77.zip |
tcp: Explicitly check option length field values in tcp_opt_get()
Reported by Coverity (CWE-606, Untrusted loop bound), and actually
harmless because we'll exit the option-scanning loop if the remaining
length is not enough for a new option, instead of reading past the
header.
In any case, it looks like a good idea to explicitly check for
reasonable values of option lengths.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'udp.h')
0 files changed, 0 insertions, 0 deletions