diff options
author | Samer El-Haj-Mahmoud <samer.el-haj-mahmoud@hpe.com> | 2016-02-12 07:57:59 +0800 |
---|---|---|
committer | Fu Siyuan <siyuan.fu@intel.com> | 2016-02-14 10:31:20 +0800 |
commit | 40696972bffcd5067de02ba6afc19b773e2cfab1 (patch) | |
tree | 98735053afcc2a0774937453e23e6b8ab932a5dc /NetworkPkg | |
parent | 93aea44f42000cbaacc91df0cad5fc5ca464f061 (diff) | |
download | edk2-platforms-40696972bffcd5067de02ba6afc19b773e2cfab1.tar.xz |
NetworkPkg: better sanity check on Ipv6 prefix length
Fix a possible buffer overrun issue that could occur if PrefixLength >
128 . Changed == 128 to >= 128. Also remove check for Byte < 16, which
is no longer possible because of the first change.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Diffstat (limited to 'NetworkPkg')
-rw-r--r-- | NetworkPkg/Ip6Dxe/Ip6Icmp.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/NetworkPkg/Ip6Dxe/Ip6Icmp.c b/NetworkPkg/Ip6Dxe/Ip6Icmp.c index db40b81d5e..f6a9bb406f 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Icmp.c +++ b/NetworkPkg/Ip6Dxe/Ip6Icmp.c @@ -2,7 +2,8 @@ The ICMPv6 handle routines to process the ICMPv6 control messages.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -479,7 +480,7 @@ Ip6GetPrefix ( return ;
}
- if (PrefixLength == IP6_PREFIX_NUM - 1) {
+ if (PrefixLength >= IP6_PREFIX_NUM - 1) {
return ;
}
@@ -487,7 +488,7 @@ Ip6GetPrefix ( Bit = (UINT8) (PrefixLength % 8);
Value = Prefix->Addr[Byte];
- if ((Byte > 0) && (Byte < 16)) {
+ if (Byte > 0) {
ZeroMem (Prefix->Addr + Byte, 16 - Byte);
}
|