Module Name: src
Committed By: snj
Date: Sun Feb 5 05:46:51 UTC 2017
Modified Files:
src/sys/net [netbsd-6-0]: if_arcsubr.c if_ecosubr.c if_ethersubr.c
if_fddisubr.c if_tokensubr.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1429):
sys/net/if_arcsubr.c: revision 1.76 via patch
sys/net/if_ecosubr.c: revision 1.50 via patch
sys/net/if_ethersubr.c: revision 1.236 via patch
sys/net/if_fddisubr.c: revision 1.104 via patch
sys/net/if_tokensubr.c: revision 1.80 via patch
Don't forget to free the mbuf when we decide not to reply to an ARP
request. This obviously is a terrible bug, since it allows a remote sender
to DoS the system with specially-crafted requests sent in a loop.
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.63.20.1 src/sys/net/if_arcsubr.c
cvs rdiff -u -r1.36 -r1.36.10.1 src/sys/net/if_ecosubr.c
cvs rdiff -u -r1.188.8.2.4.1 -r1.188.8.2.4.2 src/sys/net/if_ethersubr.c
cvs rdiff -u -r1.81 -r1.81.20.1 src/sys/net/if_fddisubr.c
cvs rdiff -u -r1.61 -r1.61.14.1 src/sys/net/if_tokensubr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_arcsubr.c
diff -u src/sys/net/if_arcsubr.c:1.63 src/sys/net/if_arcsubr.c:1.63.20.1
--- src/sys/net/if_arcsubr.c:1.63 Mon Apr 5 07:22:22 2010
+++ src/sys/net/if_arcsubr.c Sun Feb 5 05:46:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_arcsubr.c,v 1.63 2010/04/05 07:22:22 joerg Exp $ */
+/* $NetBSD: if_arcsubr.c,v 1.63.20.1 2017/02/05 05:46:51 snj Exp $ */
/*
* Copyright (c) 1994, 1995 Ignatios Souvatzis
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.63 2010/04/05 07:22:22 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.63.20.1 2017/02/05 05:46:51 snj Exp $");
#include "opt_inet.h"
@@ -196,8 +196,10 @@ arc_output(struct ifnet *ifp, struct mbu
adst = arcbroadcastaddr;
else {
uint8_t *tha = ar_tha(arph);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
adst = *tha;
}
Index: src/sys/net/if_ecosubr.c
diff -u src/sys/net/if_ecosubr.c:1.36 src/sys/net/if_ecosubr.c:1.36.10.1
--- src/sys/net/if_ecosubr.c:1.36 Sun Nov 20 12:15:38 2011
+++ src/sys/net/if_ecosubr.c Sun Feb 5 05:46:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ecosubr.c,v 1.36 2011/11/20 12:15:38 kiyohara Exp $ */
+/* $NetBSD: if_ecosubr.c,v 1.36.10.1 2017/02/05 05:46:51 snj Exp $ */
/*-
* Copyright (c) 2001 Ben Harris
@@ -58,7 +58,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.36 2011/11/20 12:15:38 kiyohara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.36.10.1 2017/02/05 05:46:51 snj Exp $");
#include "opt_inet.h"
#include "opt_pfil_hooks.h"
@@ -242,8 +242,10 @@ eco_output(struct ifnet *ifp, struct mbu
case AF_ARP:
ah = mtod(m, struct arphdr *);
- if (ntohs(ah->ar_pro) != ETHERTYPE_IP)
- return EAFNOSUPPORT;
+ if (ntohs(ah->ar_pro) != ETHERTYPE_IP) {
+ error = EAFNOSUPPORT;
+ goto bad;
+ }
ehdr.eco_port = ECO_PORT_IP;
switch (ntohs(ah->ar_op)) {
case ARPOP_REQUEST:
@@ -253,7 +255,8 @@ eco_output(struct ifnet *ifp, struct mbu
ehdr.eco_control = ECO_CTL_ARP_REPLY;
break;
default:
- return EOPNOTSUPP;
+ error = EOPNOTSUPP;
+ goto bad;
}
if (m->m_flags & M_BCAST)
@@ -261,8 +264,10 @@ eco_output(struct ifnet *ifp, struct mbu
ECO_ADDR_LEN);
else {
tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(ehdr.eco_dhost, tha, ECO_ADDR_LEN);
}
Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.188.8.2.4.1 src/sys/net/if_ethersubr.c:1.188.8.2.4.2
--- src/sys/net/if_ethersubr.c:1.188.8.2.4.1 Wed Jun 18 09:35:39 2014
+++ src/sys/net/if_ethersubr.c Sun Feb 5 05:46:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ethersubr.c,v 1.188.8.2.4.1 2014/06/18 09:35:39 msaitoh Exp $ */
+/* $NetBSD: if_ethersubr.c,v 1.188.8.2.4.2 2017/02/05 05:46:51 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.188.8.2.4.1 2014/06/18 09:35:39 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.188.8.2.4.2 2017/02/05 05:46:51 snj Exp $");
#include "opt_inet.h"
#include "opt_atalk.h"
@@ -307,6 +307,7 @@ ether_output(struct ifnet * const ifp0,
if (tha == NULL) {
/* fake with ARPHDR_IEEE1394 */
+ m_freem(m);
return 0;
}
memcpy(edst, tha, sizeof(edst));
Index: src/sys/net/if_fddisubr.c
diff -u src/sys/net/if_fddisubr.c:1.81 src/sys/net/if_fddisubr.c:1.81.20.1
--- src/sys/net/if_fddisubr.c:1.81 Mon Apr 5 07:22:23 2010
+++ src/sys/net/if_fddisubr.c Sun Feb 5 05:46:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_fddisubr.c,v 1.81 2010/04/05 07:22:23 joerg Exp $ */
+/* $NetBSD: if_fddisubr.c,v 1.81.20.1 2017/02/05 05:46:51 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -96,7 +96,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_fddisubr.c,v 1.81 2010/04/05 07:22:23 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_fddisubr.c,v 1.81.20.1 2017/02/05 05:46:51 snj Exp $");
#include "opt_gateway.h"
#include "opt_inet.h"
@@ -303,8 +303,10 @@ fddi_output(struct ifnet *ifp0, struct m
memcpy(edst, etherbroadcastaddr, sizeof(edst));
else {
void *tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(edst, tha, sizeof(edst));
}
Index: src/sys/net/if_tokensubr.c
diff -u src/sys/net/if_tokensubr.c:1.61 src/sys/net/if_tokensubr.c:1.61.14.1
--- src/sys/net/if_tokensubr.c:1.61 Tue Jul 19 19:42:27 2011
+++ src/sys/net/if_tokensubr.c Sun Feb 5 05:46:51 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tokensubr.c,v 1.61 2011/07/19 19:42:27 tron Exp $ */
+/* $NetBSD: if_tokensubr.c,v 1.61.14.1 2017/02/05 05:46:51 snj Exp $ */
/*
* Copyright (c) 1982, 1989, 1993
@@ -92,7 +92,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tokensubr.c,v 1.61 2011/07/19 19:42:27 tron Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tokensubr.c,v 1.61.14.1 2017/02/05 05:46:51 snj Exp $");
#include "opt_inet.h"
#include "opt_atalk.h"
@@ -305,8 +305,10 @@ token_output(struct ifnet *ifp0, struct
}
else {
void *tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(edst, tha, sizeof(edst));
trh = (struct token_header *)M_TRHSTART(m);
trh->token_ac = TOKEN_AC;
