Module Name: src
Committed By: snj
Date: Sun Feb 5 19:14:01 UTC 2017
Modified Files:
src/sys/net [netbsd-7-0]: if_arcsubr.c if_ecosubr.c if_ethersubr.c
if_fddisubr.c if_tokensubr.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1355):
sys/net/if_arcsubr.c: revision 1.76 via patch
sys/net/if_ecosubr.c: revision 1.50 via patch
sys/net/if_ethersubr.c: revision 1.236 via patch
sys/net/if_fddisubr.c: revision 1.104 via patch
sys/net/if_tokensubr.c: revision 1.80 via patch
Don't forget to free the mbuf when we decide not to reply to an ARP
request. This obviously is a terrible bug, since it allows a remote sender
to DoS the system with specially-crafted requests sent in a loop.
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.66.6.1 src/sys/net/if_arcsubr.c
cvs rdiff -u -r1.40.2.1 -r1.40.2.1.2.1 src/sys/net/if_ecosubr.c
cvs rdiff -u -r1.204 -r1.204.4.1 src/sys/net/if_ethersubr.c
cvs rdiff -u -r1.88 -r1.88.6.1 src/sys/net/if_fddisubr.c
cvs rdiff -u -r1.65 -r1.65.4.1 src/sys/net/if_tokensubr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_arcsubr.c
diff -u src/sys/net/if_arcsubr.c:1.66 src/sys/net/if_arcsubr.c:1.66.6.1
--- src/sys/net/if_arcsubr.c:1.66 Thu Jun 5 23:48:16 2014
+++ src/sys/net/if_arcsubr.c Sun Feb 5 19:14:01 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_arcsubr.c,v 1.66 2014/06/05 23:48:16 rmind Exp $ */
+/* $NetBSD: if_arcsubr.c,v 1.66.6.1 2017/02/05 19:14:01 snj Exp $ */
/*
* Copyright (c) 1994, 1995 Ignatios Souvatzis
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.66 2014/06/05 23:48:16 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arcsubr.c,v 1.66.6.1 2017/02/05 19:14:01 snj Exp $");
#include "opt_inet.h"
@@ -196,8 +196,10 @@ arc_output(struct ifnet *ifp, struct mbu
adst = arcbroadcastaddr;
else {
uint8_t *tha = ar_tha(arph);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
adst = *tha;
}
Index: src/sys/net/if_ecosubr.c
diff -u src/sys/net/if_ecosubr.c:1.40.2.1 src/sys/net/if_ecosubr.c:1.40.2.1.2.1
--- src/sys/net/if_ecosubr.c:1.40.2.1 Mon Dec 1 11:38:43 2014
+++ src/sys/net/if_ecosubr.c Sun Feb 5 19:14:01 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ecosubr.c,v 1.40.2.1 2014/12/01 11:38:43 martin Exp $ */
+/* $NetBSD: if_ecosubr.c,v 1.40.2.1.2.1 2017/02/05 19:14:01 snj Exp $ */
/*-
* Copyright (c) 2001 Ben Harris
@@ -58,7 +58,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.40.2.1 2014/12/01 11:38:43 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ecosubr.c,v 1.40.2.1.2.1 2017/02/05 19:14:01 snj Exp $");
#include "opt_inet.h"
@@ -241,8 +241,10 @@ eco_output(struct ifnet *ifp, struct mbu
case AF_ARP:
ah = mtod(m, struct arphdr *);
- if (ntohs(ah->ar_pro) != ETHERTYPE_IP)
- return EAFNOSUPPORT;
+ if (ntohs(ah->ar_pro) != ETHERTYPE_IP) {
+ error = EAFNOSUPPORT;
+ goto bad;
+ }
ehdr.eco_port = ECO_PORT_IP;
switch (ntohs(ah->ar_op)) {
case ARPOP_REQUEST:
@@ -252,7 +254,8 @@ eco_output(struct ifnet *ifp, struct mbu
ehdr.eco_control = ECO_CTL_ARP_REPLY;
break;
default:
- return EOPNOTSUPP;
+ error = EOPNOTSUPP;
+ goto bad;
}
if (m->m_flags & M_BCAST)
@@ -260,8 +263,10 @@ eco_output(struct ifnet *ifp, struct mbu
ECO_ADDR_LEN);
else {
tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(ehdr.eco_dhost, tha, ECO_ADDR_LEN);
}
Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.204 src/sys/net/if_ethersubr.c:1.204.4.1
--- src/sys/net/if_ethersubr.c:1.204 Sun Aug 10 16:44:36 2014
+++ src/sys/net/if_ethersubr.c Sun Feb 5 19:14:01 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ethersubr.c,v 1.204 2014/08/10 16:44:36 tls Exp $ */
+/* $NetBSD: if_ethersubr.c,v 1.204.4.1 2017/02/05 19:14:01 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.204 2014/08/10 16:44:36 tls Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.204.4.1 2017/02/05 19:14:01 snj Exp $");
#include "opt_inet.h"
#include "opt_atalk.h"
@@ -299,6 +299,7 @@ ether_output(struct ifnet * const ifp0,
if (tha == NULL) {
/* fake with ARPHDR_IEEE1394 */
+ m_freem(m);
return 0;
}
memcpy(edst, tha, sizeof(edst));
Index: src/sys/net/if_fddisubr.c
diff -u src/sys/net/if_fddisubr.c:1.88 src/sys/net/if_fddisubr.c:1.88.6.1
--- src/sys/net/if_fddisubr.c:1.88 Sat Jun 7 09:34:02 2014
+++ src/sys/net/if_fddisubr.c Sun Feb 5 19:14:01 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_fddisubr.c,v 1.88 2014/06/07 09:34:02 martin Exp $ */
+/* $NetBSD: if_fddisubr.c,v 1.88.6.1 2017/02/05 19:14:01 snj Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -96,7 +96,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_fddisubr.c,v 1.88 2014/06/07 09:34:02 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_fddisubr.c,v 1.88.6.1 2017/02/05 19:14:01 snj Exp $");
#include "opt_gateway.h"
#include "opt_inet.h"
@@ -294,8 +294,10 @@ fddi_output(struct ifnet *ifp0, struct m
memcpy(edst, etherbroadcastaddr, sizeof(edst));
else {
void *tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(edst, tha, sizeof(edst));
}
Index: src/sys/net/if_tokensubr.c
diff -u src/sys/net/if_tokensubr.c:1.65 src/sys/net/if_tokensubr.c:1.65.4.1
--- src/sys/net/if_tokensubr.c:1.65 Thu Jun 5 23:48:16 2014
+++ src/sys/net/if_tokensubr.c Sun Feb 5 19:14:01 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tokensubr.c,v 1.65 2014/06/05 23:48:16 rmind Exp $ */
+/* $NetBSD: if_tokensubr.c,v 1.65.4.1 2017/02/05 19:14:01 snj Exp $ */
/*
* Copyright (c) 1982, 1989, 1993
@@ -92,7 +92,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tokensubr.c,v 1.65 2014/06/05 23:48:16 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tokensubr.c,v 1.65.4.1 2017/02/05 19:14:01 snj Exp $");
#include "opt_inet.h"
#include "opt_atalk.h"
@@ -295,8 +295,10 @@ token_output(struct ifnet *ifp0, struct
}
else {
void *tha = ar_tha(ah);
- if (tha == NULL)
+ if (tha == NULL) {
+ m_freem(m);
return 0;
+ }
memcpy(edst, tha, sizeof(edst));
trh = (struct token_header *)M_TRHSTART(m);
trh->token_ac = TOKEN_AC;
