CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2024/03/05 02:45:13
Modified files:
sys/netinet : ip_divert.c ip_var.h raw_ip.c
Log message:
Validate IPv4 packet options in divert output.
When sending raw packets over divert socket, IP options were not
validated. Fragment code tries to copy them and crashes. Raw IP
output has a similar feature, but uses rip_chkhdr() to prevent
invalid packets from userland. Call this funtion also from
divert_output() for strict user input validation.
Reported-by: syzbot+b1ba3a2a8ef13e5b4...@syzkaller.appspotmail.com
OK dlg@ deraadt@ mvs@
