Skip to content

onion-tunnel: Properly advance the payload

Clara Engler requested to merge cve/onionmasq:dev/cve/parser-hop-fix into main

This commit fixes a potential bug that occurred during testing, namely that the tail of an IPv6 hop by hop header minus the first two bytes gets prepended to the next item in the IPv6 frame.

I believe this issue is primarily caused by the fact, ext_repr.header_len() returns the constant 2, no matter what.

This behavior is wrong, because the smallest hop by hop package is 8 bytes long. Fortunately, adding the length of the data to it, seems to be a fix.

Merge request reports

Loading