Read Time:15 Second
Posted by Erg Noor on Mar 06
Hi,
Fun OpenBSD bug.
ip_dooptions() will allow IPOPT_SSRR with optlen = 2.
save_rte() will set isr_nhops to very large value, which will cause
overflow in next ip_srcroute() call.
More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/
-erg