From f85ed72bac6aaf292922898a0d89cd8d746e319c Mon Sep 17 00:00:00 2001 From: Simon Goldschmidt Date: Tue, 3 Oct 2023 17:50:28 +0200 Subject: [PATCH] ipv6: frag: fix bogus icmp6 response on reassembly timeout See bug #63929 --- src/core/ipv6/ip6_frag.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/ipv6/ip6_frag.c b/src/core/ipv6/ip6_frag.c index 16bcf9508..5bee2d4f1 100644 --- a/src/core/ipv6/ip6_frag.c +++ b/src/core/ipv6/ip6_frag.c @@ -162,7 +162,7 @@ ip6_reass_free_complete_datagram(struct ip6_reassdata *ipr) ipr->p = iprh->next_pbuf; /* Restore the part that we've overwritten with our helper structure, or we * might send garbage (and disclose a pointer) in the ICMPv6 reply. */ - MEMCPY(p->payload, ipr->orig_hdr, sizeof(iprh)); + MEMCPY(p->payload, ipr->orig_hdr, sizeof(*iprh)); /* Then, move back to the original ipv6 header (we are now pointing to Fragment header). This cannot fail since we already checked when receiving this fragment. */ if (pbuf_header_force(p, (s16_t)((u8_t*)p->payload - (u8_t*)ipr->iphdr))) {