The branch main has been updated by glebius:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=7f3b00a87aff787e93c3896279105510440627f8

commit 7f3b00a87aff787e93c3896279105510440627f8
Author:     Gleb Smirnoff <gleb...@freebsd.org>
AuthorDate: 2022-10-04 03:53:04 +0000
Commit:     Gleb Smirnoff <gleb...@freebsd.org>
CommitDate: 2022-10-04 03:53:04 +0000

    netinet: filter out invalid ICMP responses in ip_icmp()
    
    instead of doing that in every ipproto_ctlinput_t method.
    
    Reviewed by:            melifaro
    Differential revision:  https://reviews.freebsd.org/D36728
---
 sys/netinet/ip_icmp.c     | 3 +++
 sys/netinet/sctp_usrreq.c | 3 ---
 sys/netinet/tcp_subr.c    | 3 ---
 sys/netinet/udp_usrreq.c  | 3 ---
 4 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 709f920106cc..f0cc703c2757 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -546,6 +546,9 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
                /* Discard ICMP's in response to multicast packets */
                if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr)))
                        goto badcode;
+               /* Filter out responses to INADDR_ANY, protocols ignore it. */
+               if (icp->icmp_ip.ip_dst.s_addr == INADDR_ANY)
+                       goto freeit;
 #ifdef ICMPPRINTFS
                if (icmpprintfs)
                        printf("deliver to protocol %d\n", icp->icmp_ip.ip_p);
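Review bot: The new INADDR_ANY check exits through `freeit`, while the multicast check directly above it exits through `badcode`; both labels are outside the hunk, so it cannot be confirmed here whether the two paths differ in statistics accounting or in what happens to the mbuf afterwards. If they do differ, an ICMP error quoting a 0.0.0.0 destination would be dropped without the trace the multicast case leaves, which makes spoofed or malformed ICMP errors harder to diagnose. Either use `goto badcode;` for consistency, or extend the comment to say why this case is freed outright, e.g. `/* Filter out responses to INADDR_ANY, protocols ignore it; dropped silently on purpose. */`. The checks removed from sctp_ctlinput(), tcp_ctlinput_with_port() and udp_common_ctlinput() now rely on this being the only path into those functions, so a one-line comment there stating that precondition would help. The body of icmp_input() continues outside the hunk.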
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index e5ddac897d47..fdb195d79656 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -272,9 +272,6 @@ sctp_ctlinput(int cmd, struct sockaddr_in *sin, struct ip 
*ip)
        struct sctp_init_chunk *ch;
        struct sockaddr_in src, dst;
 
-       if (sin->sin_addr.s_addr == INADDR_ANY) {
-               return;
-       }
        if (PRC_IS_REDIRECT(cmd)) {
                ip = NULL;
        } else if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0) {
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 0b02f9b66651..e88b3b92b193 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -2866,9 +2866,6 @@ tcp_ctlinput_with_port(int cmd, struct sockaddr_in *sin, 
struct ip *ip,
        tcp_seq icmp_tcp_seq;
        int mtu;
 
-       if (sin->sin_addr.s_addr == INADDR_ANY)
-               return;
-
        if (cmd == PRC_MSGSIZE)
                notify = tcp_mtudisc_notify;
        else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 68de037ada1a..372341a0351c 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -746,9 +746,6 @@ udp_common_ctlinput(int cmd, struct sockaddr_in *sin, 
struct ip *ip,
        struct udphdr *uh;
        struct inpcb *inp;
 
-       if (sin->sin_addr.s_addr == INADDR_ANY)
-               return;
-
        if (PRC_IS_REDIRECT(cmd)) {
                /* signal EHOSTDOWN, as it flushes the cached route */
                in_pcbnotifyall(pcbinfo, sin->sin_addr, EHOSTDOWN, udp_notify);
