Ping6 application crashes when executed with maximum packet data size option. Maximum allowed data bytes length should be 130768 and not 131024. EXTRA bytes is not accounted while calculating packet length. This happens because memory gets over-written by 256 bytes beyond the outpack buffer in to memory arena. Fix: Account EXTRA bytes in packet length. freebsd/sbin/ping6/ping6.c - #define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN +#define MAXDATALEN MAXPACKETLEN - IP6LEN - ICMP6ECHOLEN - EXTRA How-To-Repeat: Execute Ping6 with -s option with a value of 131024. Verify if the application has crashed.
For bugs matching the following criteria: Status: In Progress Changed: (is less than) 2014-06-01 Reset to default assignee and clear in-progress tags. Mail being skipped
Keyword: patch or patch-ready – in lieu of summary line prefix: [patch] * bulk change for the keyword * summary lines may be edited manually (not in bulk). Keyword descriptions and search interface: <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>