Subject: udp with dst port 0
To: None <firstname.lastname@example.org>
From: Jun-ichiro itojun Hagino <email@example.com>
Date: 01/08/2000 03:33:17
4.4BSD udp behavior disagrees with what spec says about port# of 0,
and the fact can be used for certain kind of attacks (though it should
be very rare).
- inbound: udp spec seem to disallow dst port == 0. however, 4.4BSD
udp stack does not check such case.
any udp socket will mistakingly accept such packet, between the
creation time (socket(2)) and lport bind time (bind(2) or connect(2)).
this is critical as attacker may be able to confuse udp-based
- outbound: udp spec allows src port == 0. src port == 0 means that
"there's no particular source port". however, we can never generate
such packet using udp socket. (non-critical)
this is basically because 4.4BSD udp/tcp code overloads "port == 0"
to mean "port is not assigned yet". fundamental fix would be to have
separate flag bit to disambiguate "not assigned" situation from
"port is really 0" situation.
Could I commit the fix presented in PR 9137, to fix the former problem