CVS commit: [netbsd-8] src/sys

[Martin Husemann]

Module Name:    src
Committed By:   martin
Date:           Tue Sep 17 18:57:23 UTC 2019

Modified Files:
        src/sys/netinet [netbsd-8]: ip_input.c
        src/sys/netinet6 [netbsd-8]: ip6_input.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1378):

        sys/netinet6/ip6_input.c: revision 1.209 (patch)
        sys/netinet/ip_input.c: revision 1.390 (patch)

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.


To generate a diff of this commit:
cvs rdiff -u -r1.355.2.6 -r1.355.2.7 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.178.2.7 -r1.178.2.8 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.355.2.6 src/sys/netinet/ip_input.c:1.355.2.7
--- src/sys/netinet/ip_input.c:1.355.2.6	Sun Mar 18 10:57:01 2018
+++ src/sys/netinet/ip_input.c	Tue Sep 17 18:57:23 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.355.2.6 2018/03/18 10:57:01 martin Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.355.2.7 2019/09/17 18:57:23 martin Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.355.2.6 2018/03/18 10:57:01 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.355.2.7 2019/09/17 18:57:23 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -620,8 +620,25 @@ ip_input(struct mbuf *m)
 			m = NULL;
 			goto out;
 		}
+		if (__predict_false(m->m_len < sizeof (struct ip))) {
+			if ((m = m_pullup(m, sizeof (struct ip))) == NULL) {
+				IP_STATINC(IP_STAT_TOOSMALL);
+				goto out;
+			}
+		}
 		ip = mtod(m, struct ip *);
 		hlen = ip->ip_hl << 2;
+		if (hlen < sizeof(struct ip)) {	/* minimum header length */
+			IP_STATINC(IP_STAT_BADHLEN);
+			goto out;
+		}
+		if (hlen > m->m_len) {
+			if ((m = m_pullup(m, hlen)) == NULL) {
+				IP_STATINC(IP_STAT_BADHLEN);
+				goto out;
+			}
+			ip = mtod(m, struct ip *);
+		}
 
 		/*
 		 * XXX The setting of "srcrt" here is to prevent ip_forward()

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.178.2.7 src/sys/netinet6/ip6_input.c:1.178.2.8
--- src/sys/netinet6/ip6_input.c:1.178.2.7	Mon Apr  9 13:34:10 2018
+++ src/sys/netinet6/ip6_input.c	Tue Sep 17 18:57:23 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.178.2.7 2018/04/09 13:34:10 bouyer Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.178.2.8 2019/09/17 18:57:23 martin Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.178.2.7 2018/04/09 13:34:10 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.178.2.8 2019/09/17 18:57:23 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -358,6 +358,13 @@ ip6_input(struct mbuf *m, struct ifnet *
 			return;
 		if (m == NULL)
 			return;
+		if (__predict_false(m->m_len < sizeof(struct ip6_hdr))) {
+			if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+				IP6_STATINC(IP6_STAT_TOOSMALL);
+				in6_ifstat_inc(rcvif, ifs6_in_hdrerr);
+				return;
+			}
+		}
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
 	}