Module Name: src
Committed By: maxv
Date: Mon Feb 5 14:23:38 UTC 2018
Modified Files:
src/sys/netinet: ip_input.c
Log Message:
Be tougher, and don't allow LSRR+SSRR (RFC7126).
To generate a diff of this commit:
cvs rdiff -u -r1.368 -r1.369 src/sys/netinet/ip_input.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.368 src/sys/netinet/ip_input.c:1.369
--- src/sys/netinet/ip_input.c:1.368 Mon Feb 5 13:52:39 2018
+++ src/sys/netinet/ip_input.c Mon Feb 5 14:23:38 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $ */
+/* $NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.369 2018/02/05 14:23:38 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -873,14 +873,13 @@ ip_dooptions(struct mbuf *m)
struct ip_timestamp *ipt;
struct in_ifaddr *ia;
int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
- int lsrr_present, ssrr_present, rr_present, ts_present;
+ int srr_present, rr_present, ts_present;
struct in_addr dst;
n_time ntime;
struct ifaddr *ifa = NULL;
int s;
- lsrr_present = 0;
- ssrr_present = 0;
+ srr_present = 0;
rr_present = 0;
ts_present = 0;
@@ -931,16 +930,9 @@ ip_dooptions(struct mbuf *m)
code = ICMP_UNREACH_NET_PROHIB;
goto bad;
}
- if (opt == IPOPT_LSRR) {
- if (lsrr_present++) {
- code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
- goto bad;
- }
- } else {
- if (ssrr_present++) {
- code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
- goto bad;
- }
+ if (srr_present++) {
+ code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+ goto bad;
}
if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
code = &cp[IPOPT_OLEN] - (u_char *)ip;
