Author: bms
Date: Sat Sep 12 19:45:55 2009
New Revision: 197132
URL: http://svn.freebsd.org/changeset/base/197132

Log:
  Tighten input checking in inp_join_group():
   * Don't try to use the source address, when its family is unspecified.
   * If we get a join without a source, on an existing inclusive
     mode group, this is an error, as it would change the filter mode.
  
  Fix a problem with the handling of in_mfilter for new memberships:
   * Do not rely on imf being NULL; it is explicitly initialized to a
     non-NULL pointer when constructing a membership.
   * Explicitly initialize *imf to EX mode when the source address
     is unspecified.
  
  This fixes a problem with in_mfilter slot recycling in the join path.
  
  PR:           138690
  Submitted by: Stef Walter
  MFC after:    5 days

Modified:
  head/sys/netinet/in_mcast.c

Modified: head/sys/netinet/in_mcast.c
==============================================================================
--- head/sys/netinet/in_mcast.c Sat Sep 12 19:27:54 2009        (r197131)
+++ head/sys/netinet/in_mcast.c Sat Sep 12 19:45:55 2009        (r197132)
@@ -1957,11 +1957,6 @@ inp_join_group(struct inpcb *inp, struct
        if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0)
                return (EADDRNOTAVAIL);
 
-       /*
-        * MCAST_JOIN_SOURCE on an exclusive membership is an error.
-        * On an existing inclusive membership, it just adds the
-        * source to the filter list.
-        */
        imo = inp_findmoptions(inp);
        idx = imo_match_group(imo, ifp, &gsa->sa);
        if (idx == -1) {
@@ -1969,15 +1964,33 @@ inp_join_group(struct inpcb *inp, struct
        } else {
                inm = imo->imo_membership[idx];
                imf = &imo->imo_mfilters[idx];
-               if (ssa->ss.ss_family != AF_UNSPEC &&
-                   imf->imf_st[1] != MCAST_INCLUDE) {
-                       error = EINVAL;
-                       goto out_inp_locked;
-               }
-               lims = imo_match_source(imo, idx, &ssa->sa);
-               if (lims != NULL) {
-                       error = EADDRNOTAVAIL;
-                       goto out_inp_locked;
+               if (ssa->ss.ss_family != AF_UNSPEC) {
+                       /*
+                        * MCAST_JOIN_SOURCE on an exclusive membership
+                        * is an error. On an existing inclusive membership,
+                        * it just adds the source to the filter list.
+                        */
+                       if (imf->imf_st[1] != MCAST_INCLUDE) {
+                               error = EINVAL;
+                               goto out_inp_locked;
+                       }
+                       /* Throw out duplicates. */
+                       lims = imo_match_source(imo, idx, &ssa->sa);
+                       if (lims != NULL) {
+                               error = EADDRNOTAVAIL;
+                               goto out_inp_locked;
+                       }
+               } else {
+                       /*
+                        * MCAST_JOIN_GROUP on an existing inclusive
+                        * membership is an error; if you want to change
+                        * filter mode, you must use the userland API
+                        * setsourcefilter().
+                        */
+                       if (imf->imf_st[1] == MCAST_INCLUDE) {
+                               error = EINVAL;
+                               goto out_inp_locked;
+                       }
                }
        }
 
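Review bot: A repeated join without a source on an existing exclusive-mode membership is not handled by the new `else` branch, which rejects only `imf->imf_st[1] == MCAST_INCLUDE`; with `idx != -1` and EX mode the request falls through to the code after this hunk. Whether that later path treats a duplicate join as a no-op or re-processes state for an already-joined group is not visible here, so the intended outcome should be made explicit. Either add a comment such as `/* Re-join of an existing EX-mode membership falls through; no filter change. */` or return an explicit error, e.g. `error = EADDRINUSE; goto out_inp_locked;`. The body of inp_join_group() starts and ends outside the hunk.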
@@ -2010,7 +2023,8 @@ inp_join_group(struct inpcb *inp, struct
        /*
         * Graft new source into filter list for this inpcb's
         * membership of the group. The in_multi may not have
-        * been allocated yet if this is a new membership.
+        * been allocated yet if this is a new membership, however,
+        * the in_mfilter slot will be allocated and must be initialized.
         */
        if (ssa->ss.ss_family != AF_UNSPEC) {
                /* Membership starts in IN mode */
@@ -2027,6 +2041,12 @@ inp_join_group(struct inpcb *inp, struct
                        error = ENOMEM;
                        goto out_imo_free;
                }
+       } else {
+               /* No address specified; Membership starts in EX mode */
+               if (is_new) {
+                       CTR1(KTR_IGMPV3, "%s: new join w/o source", __func__);
+                       imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE);
+               }
        }
 
        /*
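Review bot: Initialization of a recycled in_mfilter slot now depends on each arm of the `ssa->ss.ss_family != AF_UNSPEC` test doing it separately, so a future arm or early exit that forgets would leave stale filter state from the slot's previous membership, which is the class of problem the log message describes. A single `if (is_new)` before the family test would make this structural, e.g. `imf_init(imf, MCAST_UNDEFINED, ssa->ss.ss_family != AF_UNSPEC ? MCAST_INCLUDE : MCAST_EXCLUDE);`. This assumes the source arm initializes the slot to IN mode in the same way; most of its body is not shown in the diff, so that needs checking against the full function. If the two-arm layout is kept, the new comment could say why the slot must be initialized, for instance `/* Slot may be recycled from an earlier membership; reset it. */`.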