On Tue, Nov 6, 2018 at 10:41 AM Paul Ripke <s...@stix.id.au> wrote: > > On Mon, Nov 05, 2018 at 05:28:23PM +0900, Ryota Ozaki wrote: > > On Mon, Nov 5, 2018 at 4:40 PM Michael van Elst <mlel...@serpens.de> wrote: > > > > > > ozak...@netbsd.org (Ryota Ozaki) writes: > > > > > > >diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c > > > >index ee4fc6fdfb3..a4a74c8009e 100644 > > > >--- a/sys/netinet6/udp6_usrreq.c > > > >+++ b/sys/netinet6/udp6_usrreq.c > > > >@@ -668,10 +668,18 @@ udp6_output(struct in6pcb * const in6p, struct > > > >mbuf *m, > > > > > > > if (addr6) { > > > > sin6 = addr6; > > > >+ if (sin6->sin6_len != sizeof(*sin6)) { > > > >+ error = EINVAL; > > > >+ goto release; > > > >+ } > > > > if (sin6->sin6_family != AF_INET6) { > > > > error = EAFNOSUPPORT; > > > > goto release; > > > > } > > > >+ if (sin6->sin6_port == 0) { > > > >+ error = EADDRNOTAVAIL; > > > >+ goto release; > > > >+ } > > > > > > The port validation is already done a few lines below, > > > > Thanks, that's right. > > > > > but the comment when using the port is a bit strange: > > > > > > fport = sin6->sin6_port; /* allow 0 port */ > > > > > > Apparently that comment (and the port check) already > > > existed when the initial version was imported. > > > > Well... I think the comment is just a leftover to be removed :-/ > > > > ozaki-r > > Thanks! Patched into netbsd-8, running with it now. I do wonder > which process was responsible for doing the op. It's been too long > since I've tried grokking gdb on kvm cores...
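Review bot: the added `sin6->sin6_port == 0` check at the end of the `if (addr6)` block duplicates the port validation that, as pointed out in the thread, already exists a few lines below, so it should be dropped and the hunk reduced to the `sin6_len` check. The existing `/* allow 0 port */` comment on `fport = sin6->sin6_port;` contradicts that port check and should be removed in the same commit. A short comment above `if (sin6->sin6_len != sizeof(*sin6))` stating that the length is validated before the other fields of `sin6` are used would document why this check comes first.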
Thank you for testing! I hope the patch fixes the panic you encountered. Anyway I'll commit and pull up the fix soon because it certainly fixes a panic.

  ozaki-r