---
- branch: MAIN
  date: Fri Apr 19 00:55:35 UTC 2024
  files:
  - new: '1.235'
    old: '1.234'
    path: src/sys/netinet6/ip6_output.c
    pathrev: src/sys/netinet6/ip6_output.c@1.235
    type: modified
  id: 20240419T005535Z.e227d5da4008a5f70f4b843e8af07903667a8f80
  log: |
    ip6_output: Initialize plen for ip6_hopopts_input.

    This funny little block in ip6_process_hopopts assumes it is
    initialized as and behaves differently depending on whether it's zero
    or not:

    https://nxr.netbsd.org/xref/src/sys/netinet6/ip6_input.c?r=1.227#976

    In the other call site, it is initialized to ip6->ip6_plen:

    https://nxr.netbsd.org/xref/src/sys/netinet6/ip6_input.c?r=1.227#561

    Reported-by: syzbot+587e3b707bdfe533283f@syzkaller.appspotmail.com
    https://syzkaller.appspot.com/bug?extid=587e3b707bdfe533283f
  module: src
  subject: 'CVS commit: src/sys/netinet6'
  unixtime: '1713488135'
  user: riastradh