Module Name:    src
Committed By:   martin
Date:           Tue Sep 17 18:09:37 UTC 2019

Modified Files:
        src/sys/netinet [netbsd-7-0]: ip_input.c
        src/sys/netinet6 [netbsd-7-0]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1708):

        sys/netinet6/ip6_input.c: revision 1.209 via patch
        sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.


To generate a diff of this commit:
cvs rdiff -u -r1.319.6.1 -r1.319.6.2 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.149.2.1.2.2 -r1.149.2.1.2.3 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.319.6.1 src/sys/netinet/ip_input.c:1.319.6.2
--- src/sys/netinet/ip_input.c:1.319.6.1	Fri Feb  9 14:06:25 2018
+++ src/sys/netinet/ip_input.c	Tue Sep 17 18:09:37 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.319.6.1 2018/02/09 14:06:25 martin Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.319.6.2 2019/09/17 18:09:37 martin Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.6.1 2018/02/09 14:06:25 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.6.2 2019/09/17 18:09:37 martin Exp $");
 
 #include "opt_inet.h"
 #include "opt_compat_netbsd.h"
@@ -526,8 +526,25 @@ ip_input(struct mbuf *m)
 		if (freed || m == NULL) {
 			return;
 		}
+		if (__predict_false(m->m_len < sizeof (struct ip))) {
+			if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
+				IP_STATINC(IP_STAT_TOOSMALL);
+				return;
+			}
+		}
 		ip = mtod(m, struct ip *);
 		hlen = ip->ip_hl << 2;
+		if (hlen < sizeof(struct ip)) {	/* minimum header length */
+			IP_STATINC(IP_STAT_BADHLEN);
+			goto bad;
+		}
+		if (hlen > m->m_len) {
+			if ((m = m_pullup(m, hlen)) == NULL) {
+				IP_STATINC(IP_STAT_BADHLEN);
+				return;
+			}
+			ip = mtod(m, struct ip *);
+		}
 
 		/*
 		 * XXX The setting of "srcrt" here is to prevent ip_forward()
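Review bot: The re-validation block added after the `freed || m == NULL` check carries no comment saying why the header is checked a second time, so a later cleanup could mistake it for redundant duplication and remove it. I would add above the first `if`: `/* The packet filter may return a different mbuf chain; make the IP header contiguous again and re-check ip_hl before dereferencing it. */`. Only contiguity and the header-length field are re-established here. Whether the rest of ip_input re-reads `ip->ip_len` or relies on values computed before the filter ran is not visible from this hunk, since the function continues outside it, and is worth confirming. As a style nit, the added lines mix `sizeof (struct ip)` and `sizeof(struct ip)`.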

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.149.2.1.2.2 src/sys/netinet6/ip6_input.c:1.149.2.1.2.3
--- src/sys/netinet6/ip6_input.c:1.149.2.1.2.2	Sun Feb 25 23:17:22 2018
+++ src/sys/netinet6/ip6_input.c	Tue Sep 17 18:09:37 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.149.2.1.2.2 2018/02/25 23:17:22 snj Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.149.2.1.2.3 2019/09/17 18:09:37 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1.2.2 2018/02/25 23:17:22 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.1.2.3 2019/09/17 18:09:37 martin Exp $");
 
 #include "opt_gateway.h"
 #include "opt_inet.h"
@@ -352,6 +352,14 @@ ip6_input(struct mbuf *m)
 			return;
 		if (m == NULL)
 			return;
+		if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
+			struct ifnet *inifp = m->m_pkthdr.rcvif;
+			if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+				IP6_STATINC(IP6_STAT_TOOSMALL);
+				in6_ifstat_inc(inifp, ifs6_in_hdrerr);
+				return;
+			}
+		}
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
 	}
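Review bot: The added block copies `m->m_pkthdr.rcvif` into `inifp` before calling m_pullup(), but nothing explains that this ordering is required. m_pullup() frees the chain and returns NULL on failure, so the interface pointer has to be captured first for `in6_ifstat_inc()` to have a valid argument. A short comment such as `/* m_pullup() frees m on failure; save rcvif for the ifstat bump */` would keep a later refactor from moving the load into the error branch. KNF also expects a blank line between the `inifp` declaration and the following `if`. Only the fixed `struct ip6_hdr` is made contiguous here; extension headers are presumably validated further down in ip6_input, outside this hunk.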
