From 72ec399ad8d6348b6c74ea63d80c79784c8b84ae Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Mon, 3 Nov 2014 16:27:45 +0800
Subject: [PATCH 113/506] icmp6 fix no respond to neighbor solicit message

The structure size used in grub_netbuff_pull to get the pointer to
option header is apparently wrong, which leads to subsequent range check
failed and therefore not responding to any neighbor solicit message in my
testing.
---
 ChangeLog             | 5 +++++
 grub-core/net/icmp6.c | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 190d19d..87faadf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-03  Michael Chang  <mchang@suse.com>
+
+	* grub-core/net/icmp6.c (grub_net_recv_icmp6_packet): Fix size
+	of neighbor solicitation packet in grub_netbuff_pull.
+
 2014-10-14  Andrei Borzenkov  <arvidjaar@gmail.com>
 
 	* grub-core/loader/arm/linux.c: Use full initializer for initrd_ctx to
diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c
index bbc9020..796d549 100644
--- a/grub-core/net/icmp6.c
+++ b/grub-core/net/icmp6.c
@@ -205,7 +205,7 @@ grub_net_recv_icmp6_packet (struct grub_net_buff *nb,
 	if (ttl != 0xff)
 	  break;
 	nbh = (struct neighbour_solicit *) nb->data;
-	err = grub_netbuff_pull (nb, sizeof (struct router_adv));
+	err = grub_netbuff_pull (nb, sizeof (*nbh));
 	if (err)
 	  {
 	    grub_netbuff_free (nb);
-- 
2.4.3