Module Name: src
Committed By: maxv
Date: Sat Jan 21 11:07:46 UTC 2017
Modified Files:
src/sys/netinet: if_arp.c
Log Message:
Add some checks, mostly same as in_arpinput.
To generate a diff of this commit:
cvs rdiff -u -r1.238 -r1.239 src/sys/netinet/if_arp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/if_arp.c
diff -u src/sys/netinet/if_arp.c:1.238 src/sys/netinet/if_arp.c:1.239
--- src/sys/netinet/if_arp.c:1.238 Fri Jan 20 19:21:01 2017
+++ src/sys/netinet/if_arp.c Sat Jan 21 11:07:46 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_arp.c,v 1.238 2017/01/20 19:21:01 maxv Exp $ */
+/* $NetBSD: if_arp.c,v 1.239 2017/01/21 11:07:46 maxv Exp $ */
/*-
* Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.238 2017/01/20 19:21:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.239 2017/01/21 11:07:46 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_ddb.h"
@@ -1902,6 +1902,10 @@ in_revarpinput(struct mbuf *m)
tha = ar_tha(ah);
if (tha == NULL)
goto out;
+ if (ah->ar_pln != sizeof(struct in_addr))
+ goto out;
+ if (ah->ar_hln != rcvif->if_sadl->sdl_alen)
+ goto out;
if (memcmp(tha, CLLADDR(rcvif->if_sadl), rcvif->if_sadl->sdl_alen))
goto out;
memcpy(&srv_ip, ar_spa(ah), sizeof(srv_ip));
