Module Name:    src
Committed By:   maxv
Date:           Fri Apr 13 09:29:04 UTC 2018

Modified Files:
        src/sys/netinet: udp_usrreq.c

Log Message:
Improve the check, we want to have len >= udphdr all the time, and not
just when the packet size doesn't match the mbuf size.

Normally that's not a huge problem, since IP6_EXTHDR_GET gets called
earlier, so we can't have

        (ip_len == iphlen + len) && (len < sizeof(struct udphdr))


To generate a diff of this commit:
cvs rdiff -u -r1.247 -r1.248 src/sys/netinet/udp_usrreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/udp_usrreq.c
diff -u src/sys/netinet/udp_usrreq.c:1.247 src/sys/netinet/udp_usrreq.c:1.248
--- src/sys/netinet/udp_usrreq.c:1.247	Thu Apr 12 06:49:39 2018
+++ src/sys/netinet/udp_usrreq.c	Fri Apr 13 09:29:04 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: udp_usrreq.c,v 1.247 2018/04/12 06:49:39 maxv Exp $	*/
+/*	$NetBSD: udp_usrreq.c,v 1.248 2018/04/13 09:29:04 maxv Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -66,7 +66,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.247 2018/04/12 06:49:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp_usrreq.c,v 1.248 2018/04/13 09:29:04 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -374,8 +374,12 @@ udp_input(struct mbuf *m, ...)
 	 */
 	ip_len = ntohs(ip->ip_len);
 	len = ntohs((u_int16_t)uh->uh_ulen);
+	if (len < sizeof(struct udphdr)) {
+		UDP_STATINC(UDP_STAT_BADLEN);
+		goto bad;
+	}
 	if (ip_len != iphlen + len) {
-		if (ip_len < iphlen + len || len < sizeof(struct udphdr)) {
+		if (ip_len < iphlen + len) {
 			UDP_STATINC(UDP_STAT_BADLEN);
 			goto bad;
 		}

Reply via email to