Hi,

The raw IP input functions are called from several places, so I
think a check that the address family is correct is justified.

ok?

bluhm

Index: netinet/raw_ip.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/raw_ip.c,v
retrieving revision 1.98
diff -u -p -r1.98 raw_ip.c
--- netinet/raw_ip.c    14 Apr 2017 20:46:31 -0000      1.98
+++ netinet/raw_ip.c    16 Apr 2017 16:13:42 -0000
@@ -125,6 +125,8 @@ rip_input(struct mbuf **mp, int *offp, i
        struct counters_ref ref;
        uint64_t *counters;
 
+       KASSERT(af == AF_INET);
+
        ripsrc.sin_addr = ip->ip_src;
        TAILQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) {
                if (inp->inp_socket->so_state & SS_CANTRCVMORE)
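Review bot: The added `KASSERT(af == AF_INET)` in rip_input, and the matching `KASSERT(af == AF_INET6)` in rip6_input in netinet6/raw_ip6.c, turn a wrong address family into a kernel panic, and only in kernels built with DIAGNOSTIC; in other builds the macro expands to nothing and the code goes on to read `ip->ip_src` unchecked. Since the description says these functions are called from several places, it is worth confirming that every caller passes a fixed `af` and never one derived from received packet contents, because otherwise the assert would be a remotely reachable panic. If that invariant holds, a comment above the assert would record it, e.g. `/* af comes from the caller's protocol switch, never from packet data */`. Both function bodies start and end outside their hunks, so the callers and the earlier initialisation of `ip` are not visible here.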
Index: netinet6/raw_ip6.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/raw_ip6.c,v
retrieving revision 1.109
diff -u -p -r1.109 raw_ip6.c
--- netinet6/raw_ip6.c  14 Apr 2017 20:46:31 -0000      1.109
+++ netinet6/raw_ip6.c  16 Apr 2017 16:15:24 -0000
@@ -125,6 +125,8 @@ rip6_input(struct mbuf **mp, int *offp, 
        struct sockaddr_in6 rip6src;
        struct mbuf *opts = NULL;
 
+       KASSERT(af == AF_INET6);
+
        rip6stat_inc(rip6s_ipackets);
 
        /* Be proactive about malicious use of IPv4 mapped address */
