Ipolite is used by netflood and route-discovery modules among others. If a route request is yet to be re-broadcasted and a local route discovery is started (interval == 0), the previous queuebuf used is freed but ctimer and queuebuf pointer is left unchanged. This causes corrupt route requests to be sent, invalid routing tables to be formed, memcmp() on NULL pointer on receive, and other undefined behavior.
Signed-off-by: Oskar Nordquist <oskar.nordquist@crlsweden.com>
An off-by-one error in resolv_found() could make an strncat() call
overflow by the terminating null byte.
When building with Clang the following warning was shown:
../../../core/net/ip/resolv.c:1458:17: warning: the value of the
size argument in 'strncat' is too large, might lead to a
buffer overflow [-Wstrncat-size]
sizeof(resolv_hostname) - strlen(resolv_hostname));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../core/net/ip/resolv.c:1458:17: note: change the argument to
be the free space in the destination buffer minus the
terminating null byte
sizeof(resolv_hostname) - strlen(resolv_hostname));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(resolv_hostname) - strlen(resolv_hostname) - 1
Signed-off-by: Joakim Gebart <joakim.gebart@eistec.se>
to allow for creating and securing frames in advance; Create and secure frames in advance when sending bursts; Do neither recreate nor resecure frames that come from phase
The problem came from the fact that there two opposite macro (UIP_CONF_ROUTER) that could not activate the code responsible to send the PIO option in NDP.
In Neighbor Discovery Protocol, when IPv6 host adds a prefix (coming from PIO) but it is always failing whatever if is successfully add in prefix table. The reason comes from the fact that the function uip_ds6_prefix_add in host version always return NULL. This is opposite of the specification of the router version.
