CVS commit: src/sys

Sun, 26 Apr 2015 09:46:08 -0700 

Module Name:    src
Committed By:   rtr
Date:           Sun Apr 26 16:45:51 UTC 2015

Modified Files:
        src/sys/netinet: in_pcb.c
        src/sys/netinet6: in6_pcb.c

Log Message:
return EINVAL if sin{,6}_len != sizeof(sockaddr_in{,6}) respectively in
in{,6}_pcbconnect().

checking just m->m_len isn't enough because there are various places that
assume sa_len has been properly populated.


To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 src/sys/netinet/in_pcb.c
cvs rdiff -u -r1.136 -r1.137 src/sys/netinet6/in6_pcb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netinet/in_pcb.c
diff -u src/sys/netinet/in_pcb.c:1.157 src/sys/netinet/in_pcb.c:1.158
--- src/sys/netinet/in_pcb.c:1.157	Fri Apr 24 22:32:37 2015
+++ src/sys/netinet/in_pcb.c	Sun Apr 26 16:45:51 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in_pcb.c,v 1.157 2015/04/24 22:32:37 rtr Exp $	*/
+/*	$NetBSD: in_pcb.c,v 1.158 2015/04/26 16:45:51 rtr Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,7 +93,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.157 2015/04/24 22:32:37 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in_pcb.c,v 1.158 2015/04/26 16:45:51 rtr Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -461,6 +461,8 @@ in_pcbconnect(void *v, struct mbuf *nam,
 
 	if (nam->m_len != sizeof (*sin))
 		return (EINVAL);
+	if (sin->sin_len != sizeof (*sin))
+		return (EINVAL);
 	if (sin->sin_family != AF_INET)
 		return (EAFNOSUPPORT);
 	if (sin->sin_port == 0)

Index: src/sys/netinet6/in6_pcb.c
diff -u src/sys/netinet6/in6_pcb.c:1.136 src/sys/netinet6/in6_pcb.c:1.137
--- src/sys/netinet6/in6_pcb.c:1.136	Fri Apr 24 22:32:37 2015
+++ src/sys/netinet6/in6_pcb.c	Sun Apr 26 16:45:50 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: in6_pcb.c,v 1.136 2015/04/24 22:32:37 rtr Exp $	*/
+/*	$NetBSD: in6_pcb.c,v 1.137 2015/04/26 16:45:50 rtr Exp $	*/
 /*	$KAME: in6_pcb.c,v 1.84 2001/02/08 18:02:08 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.136 2015/04/24 22:32:37 rtr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: in6_pcb.c,v 1.137 2015/04/26 16:45:50 rtr Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -446,6 +446,8 @@ in6_pcbconnect(void *v, struct mbuf *nam
 
 	if (nam->m_len != sizeof(*sin6))
 		return (EINVAL);
+	if (sin6->sin6_len != sizeof(*sin6))
+		return (EINVAL);
 	if (sin6->sin6_family != AF_INET6)
 		return (EAFNOSUPPORT);
 	if (sin6->sin6_port == 0)

Reply via email to