Module Name: src Committed By: martin Date: Tue Sep 17 18:07:15 UTC 2019
Modified Files: src/sys/netinet [netbsd-7]: ip_input.c src/sys/netinet6 [netbsd-7]: ip6_input.c Log Message: Pull up following revision(s) (requested by bouyer in ticket #1708): sys/netinet6/ip6_input.c: revision 1.209 via patch sys/netinet/ip_input.c: revision 1.390 via patch Packet filters can return an mbuf chain with fragmented headers, so m_pullup() it if needed and remove the KASSERT()s. To generate a diff of this commit: cvs rdiff -u -r1.319.2.1 -r1.319.2.2 src/sys/netinet/ip_input.c cvs rdiff -u -r1.149.2.3 -r1.149.2.4 src/sys/netinet6/ip6_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/ip_input.c diff -u src/sys/netinet/ip_input.c:1.319.2.1 src/sys/netinet/ip_input.c:1.319.2.2 --- src/sys/netinet/ip_input.c:1.319.2.1 Fri Feb 9 13:37:09 2018 +++ src/sys/netinet/ip_input.c Tue Sep 17 18:07:15 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $ */ +/* $NetBSD: ip_input.c,v 1.319.2.2 2019/09/17 18:07:15 martin Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -91,7 +91,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.2.1 2018/02/09 13:37:09 martin Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.319.2.2 2019/09/17 18:07:15 martin Exp $"); #include "opt_inet.h" #include "opt_compat_netbsd.h" @@ -526,8 +526,25 @@ ip_input(struct mbuf *m) if (freed || m == NULL) { return; } + if (__predict_false(m->m_len < sizeof (struct ip))) { + if ((m = m_pullup(m, sizeof (struct ip))) == NULL) { + IP_STATINC(IP_STAT_TOOSMALL); + return; + } + } ip = mtod(m, struct ip *); hlen = ip->ip_hl << 2; + if (hlen < sizeof(struct ip)) { /* minimum header length */ + IP_STATINC(IP_STAT_BADHLEN); + goto bad; + } + if (hlen > m->m_len) { + if ((m = m_pullup(m, hlen)) == NULL) { + IP_STATINC(IP_STAT_BADHLEN); + return; + } + ip = mtod(m, struct ip *); + } /* * XXX The setting of "srcrt" here is to prevent ip_forward() Index: src/sys/netinet6/ip6_input.c diff -u src/sys/netinet6/ip6_input.c:1.149.2.3 src/sys/netinet6/ip6_input.c:1.149.2.4 --- src/sys/netinet6/ip6_input.c:1.149.2.3 Sun Feb 25 23:17:47 2018 +++ src/sys/netinet6/ip6_input.c Tue Sep 17 18:07:15 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $ */ +/* $NetBSD: ip6_input.c,v 1.149.2.4 2019/09/17 18:07:15 martin Exp $ */ /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */ /* @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.3 2018/02/25 23:17:47 snj Exp $"); +__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.149.2.4 2019/09/17 18:07:15 martin Exp $"); #include "opt_gateway.h" #include "opt_inet.h" @@ -352,6 +352,14 @@ ip6_input(struct mbuf *m) return; if (m == NULL) return; + if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) { + struct ifnet *inifp = m->m_pkthdr.rcvif; + if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) { + IP6_STATINC(IP6_STAT_TOOSMALL); + in6_ifstat_inc(inifp, ifs6_in_hdrerr); + return; + } + } ip6 = mtod(m, struct ip6_hdr *); srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst); }