| Summary: | minor bug in /usr/src/sys/netinet6/nd6_nbr.c | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Alexandre Fenyo <fbsd.bugzilla> |
| Component: | kern | Assignee: | Andrey V. Elsukov <ae> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | CC: | ae |
| Priority: | --- | ||
| Version: | 10.1-RELEASE | ||
| Hardware: | Any | ||
| OS: | Any | ||

A commit references this bug:

Author: ae
Date: Thu Apr 9 12:57:59 UTC 2015
New revision: 281309
URL: https://svnweb.freebsd.org/changeset/base/281309

Log:
Fix the check for maximum mbuf's size needed to send ND6 NA and NS.
It is acceptable that the size can be equal to MCLBYTES. In the later
KAME's code this check has been moved under DIAGNOSTIC ifdef, because
the size of NA and NS is much smaller than MCLBYTES. So, it is safe to
replace the check with KASSERT.

PR: 199304
Discussed with: glebius
MFC after: 1 week

Changes:
head/sys/netinet6/nd6_nbr.c

A commit references this bug:

Author: ae
Date: Wed Apr 22 19:41:29 UTC 2015
New revision: 281866
URL: https://svnweb.freebsd.org/changeset/base/281866

Log:
MFC r281309:
Fix the check for maximum mbuf's size needed to send ND6 NA and NS.
It is acceptable that the size can be equal to MCLBYTES. In the later
KAME's code this check has been moved under DIAGNOSTIC ifdef, because
the size of NA and NS is much smaller than MCLBYTES. So, it is safe to
replace the check with KASSERT.

PR: 199304

Changes:
_U stable/10/
_U stable/10/sys/gnu/dts/
stable/10/sys/netinet6/nd6_nbr.c

A commit references this bug:

Author: ae
Date: Wed Apr 22 19:59:09 UTC 2015
New revision: 281867
URL: https://svnweb.freebsd.org/changeset/base/281867

Log:
MFC r281309:
Fix the check for maximum mbuf's size needed to send ND6 NA and NS.
It is acceptable that the size can be equal to MCLBYTES. In the later
KAME's code this check has been moved under DIAGNOSTIC ifdef, because
the size of NA and NS is much smaller than MCLBYTES. So, it is safe to
replace the check with KASSERT.

PR: 199304

Changes:
_U stable/9/sys/
_U stable/9/sys/amd64/include/xen/
_U stable/9/sys/boot/
_U stable/9/sys/boot/forth/
_U stable/9/sys/boot/i386/efi/
_U stable/9/sys/boot/i386/gptboot/
_U stable/9/sys/boot/ia64/efi/
_U stable/9/sys/boot/ia64/ski/
_U stable/9/sys/boot/powerpc/boot1.chrp/
_U stable/9/sys/boot/powerpc/ofw/
_U stable/9/sys/cddl/contrib/opensolaris/
_U stable/9/sys/conf/
_U stable/9/sys/contrib/dev/acpica/
_U stable/9/sys/contrib/dev/run/
_U stable/9/sys/contrib/octeon-sdk/
_U stable/9/sys/contrib/pf/
_U stable/9/sys/contrib/x86emu/
_U stable/9/sys/dev/
_U stable/9/sys/dev/e1000/
_U stable/9/sys/dev/isp/
_U stable/9/sys/dev/ixgbe/
_U stable/9/sys/dev/puc/
_U stable/9/sys/dev/usb/wlan/if_run.c
_U stable/9/sys/dev/usb/wlan/if_runreg.h
_U stable/9/sys/fs/
_U stable/9/sys/fs/ntfs/
_U stable/9/sys/modules/
_U stable/9/sys/modules/ixgbe/
_U stable/9/sys/modules/svr4/
_U stable/9/sys/net/
stable/9/sys/netinet6/nd6_nbr.c
_U stable/9/sys/netpfil/
_U stable/9/sys/sys/

In /usr/src/sys/netinet6/nd6_nbr.c, the following code appears 2 times:

```c
if (max_linkhdr + maxlen >= MCLBYTES) {
#ifdef DIAGNOSTIC
	printf("nd6_ns_output: max_linkhdr + maxlen >= MCLBYTES "
	    "(%d + %d > %d)\n", max_linkhdr, maxlen, MCLBYTES);
#endif
	return;
}
```

The same little mistake appears two times in this code: the ">=" should be changed to ">".

It is correctly written in the last part of the diag: "(%d + %d > %d)\n"

But it is incorrect in the test (">= MCLBYTES" instead of "> MCLBYTES") and in the first part of the diag: "max_linkhdr + maxlen >= MCLBYTES" instead of "max_linkhdr + maxlen > MCLBYTES".

This is a bug because if the packet needs exactly MCLBYTES, it is possible to process it, but the code would not process the packet.

Anyway, this case should never happen because the Neighbor Advertisement and Neighbor Solicitation packets are always small enough to be contained in a single MBUF cluster. But the code is wrong, it would be nicer if corrected.
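
The boundary case from the report and the size argument from the commit log, as a userland model added here (not code from nd6_nbr.c or from the FreeBSD project). `MODEL_MCLBYTES`, `MODEL_MAX_LINKHDR`, the function names, and the size estimate (IPv6 header, ND message, one link-layer address option padded to 8 bytes) are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MODEL_MCLBYTES    2048  /* assumed mbuf cluster size */
#define MODEL_MAX_LINKHDR 16    /* assumed link-layer header reservation */

/* Check as quoted in the report: also rejects a message that fits exactly. */
static bool fits_old(int linkhdr, int maxlen)
{
    return !(linkhdr + maxlen >= MODEL_MCLBYTES);
}

/* Corrected bound: a total equal to the cluster size is acceptable. */
static bool fits_fixed(int linkhdr, int maxlen)
{
    return linkhdr + maxlen <= MODEL_MCLBYTES;
}

/*
 * Upper bound for an NS or NA message (assumed model):
 * IPv6 header (40) + ND message (24) + one link-layer address option
 * (2-byte option header + address), rounded up to a multiple of 8.
 */
static int nd_msg_maxlen(int lladdr_len)
{
    return 40 + 24 + ((2 + lladdr_len + 7) & ~7);
}

int main(void)
{
    int eth = nd_msg_maxlen(6);                       /* Ethernet address */
    int exact = MODEL_MCLBYTES - MODEL_MAX_LINKHDR;   /* fills the cluster */

    printf("Ethernet NS/NA estimate: %d bytes, old=%d fixed=%d\n",
        eth, fits_old(MODEL_MAX_LINKHDR, eth),
        fits_fixed(MODEL_MAX_LINKHDR, eth));
    printf("exact fit (%d bytes): old=%d fixed=%d\n",
        exact, fits_old(MODEL_MAX_LINKHDR, exact),
        fits_fixed(MODEL_MAX_LINKHDR, exact));
    printf("one byte over: old=%d fixed=%d\n",
        fits_old(MODEL_MAX_LINKHDR, exact + 1),
        fits_fixed(MODEL_MAX_LINKHDR, exact + 1));
    return 0;
}
```

The two checks differ only when the total equals the cluster size, and the estimate for an Ethernet link is far below it, which matches the commit log's reasoning for replacing the runtime check with a KASSERT.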