Remote vulnerability in the OpenBSD IPv6 stack

In slaacd, the background process responsible for IPv6 address autoconfiguration (IPv6 Stateless Address Autoconfiguration, RFC 4862) in OpenBSD, a vulnerability has been identified that leads to a buffer overflow when a specially crafted IPv6 router advertisement (RA, Router Advertisement) is received.

Initially, IPv6 address autoconfiguration was implemented at the kernel level, but starting with OpenBSD 6.2 it was moved to a separate slaacd process. This process is responsible for sending RS (Router Solicitation) messages and parsing RA (Router Advertisement) responses, which carry information about the router and the network connection parameters.

In February, a bug was fixed in slaacd that caused it to crash if 7 servers were specified in the RDNSS (Recursive DNS Servers) list. This oversight attracted the attention of independent researchers, who examined the slaacd code for other errors that occur when parsing fields in RA messages. The analysis showed that the code contains another problem, which shows up when processing the DNSSL (DNS Search List) field, which includes lists of domain names and host templates for DNS.

Each name in the DNSSL list is encoded using a null terminator and interspersed one-byte tags that specify the size of the data that follows. The vulnerability arises because, in the list parsing code, the size field is copied into a variable with a signed integer type ("len = data[pos]"). As a result, if the field holds a value with the most significant bit set, the conditional statement treats that value as a negative number and the check against the maximum allowed size ("if (len > 63 || len + pos + 1 > datalen) {") does not trigger, which leads to a memcpy call with a parameter in which the size of the data being copied exceeds the size of the buffer.
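The following added example (not slaacd's own code) shows the size check described above evaluated with a signed length, next to a label parser that reads the length as unsigned and bounds it before copying. The names `flawed_check_accepts`, `parse_name`, `MAX_LABEL` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL 63

/* Constructed sample inputs: a valid name and one with length byte 0xff. */
static const uint8_t sample_good[] = {7,'e','x','a','m','p','l','e',3,'c','o','m',0};
static const uint8_t sample_bad[]  = {0xff,'a',0};

/* The check from the article with the length held in a signed type:
 * 0x80..0xff become negative and pass both comparisons.
 * Returns 1 if the label would be accepted; nothing is copied here. */
int flawed_check_accepts(const uint8_t *data, int pos, int datalen)
{
    int len = (int8_t)data[pos];            /* sign-extends: 0xff -> -1 */
    return !(len > MAX_LABEL || len + pos + 1 > datalen);
}

/* Hardened form: unsigned length, checked against the label limit, the
 * remaining input and the remaining output space before memcpy.
 * Writes a dotted, NUL-terminated name; returns bytes consumed or -1. */
int parse_name(const uint8_t *data, size_t datalen, char *out, size_t outlen)
{
    size_t pos = 0, o = 0;
    while (pos < datalen) {
        size_t len = data[pos++];           /* uint8_t: always 0..255 */
        if (len == 0) {                     /* terminator ends the name */
            if (o == 0)
                return -1;                  /* empty name (e.g. padding) */
            out[o - 1] = '\0';              /* replace the trailing dot */
            return (int)pos;
        }
        if (len > MAX_LABEL || len > datalen - pos || len + 1 > outlen - o)
            return -1;
        memcpy(out + o, data + pos, len);
        o += len;
        out[o++] = '.';
        pos += len;
    }
    return -1;                              /* no terminator in input */
}

int main(void)
{
    char out[64];
    printf("flawed check accepts 0xff: %d\n", flawed_check_accepts(sample_bad, 0, 3));
    printf("hardened result for 0xff: %d\n", parse_name(sample_bad, 3, out, sizeof(out)));
    return 0;
}
```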



source: budenet.ru
