K 10
svn:author
V 5
markj
K 8
svn:date
V 27
2021-03-24T13:34:48.914904Z
K 7
svn:log
V 698
rtsold: Fix validation of RDNSS options

The header specifies the size of the option in multiples of eight bytes.
The option consists of an eight-byte header followed by one or more IPv6
addresses, so the option is invalid if the size is not equal to 1+2n for
some n>0.  Check this.

The bug can cause random stack data to be formatted as an IPv6 address
and passed to resolvconf(8), but a host able to trigger the bug may also
specify arbitrary addresses this way.

Reported by:	Q C <cq674350529@gmail.com>
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 1af332a7d8f86b6fcc1f0f575fe5b06021b54f4c)

Git Hash:   31f8a7f31c8622833a7750de79617573f8e6a521
Git Author: markj@FreeBSD.org
END