CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2023/01/12 06:12:11
Modified files:
sys/net : Tag: OPENBSD_7_2 pf.c
sys/netinet : Tag: OPENBSD_7_2 tcp_input.c
Log message:
Binding the accept socket in TCP input relies on the fact that the
listen port is not bound to port 0. With a matching pf divert-to
rule this assumption is no longer true and could crash the kernel
with kassert. In both pf and stack drop TCP packets with destination
port 0 before they can do harm.
OK sashan@ claudio@
this is errata/7.2/013_tcp.patch.sig
