Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/sys/netinet6 Pull up following revision(s) (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/eef5d26e403f
branches:  netbsd-8
changeset: 434798:eef5d26e403f
user:      martin <martin%NetBSD.org@localhost>
date:      Sat Mar 31 10:27:40 2018 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #665):

        sys/netinet6/icmp6.c: revision 1.215

Style, and four fixes:

 * Remove the (disabled) IPPROTO_ESP check. If the packet was decrypted it
   will have M_DECRYPTED, and this is already checked.
 * Memory leaks in icmp6_error2. They seem hardly triggerable.
 * Fix miscomputation in _icmp6_input, the ICMP6 header is not guaranteed
   to be located right after the IP6 header. ok mlelstv@
 * Memory leak in _icmp6_input. This one seems to be impossible to trigger.

diffstat:

 sys/netinet6/icmp6.c |  70 +++++++++++++++++++++++----------------------------
 1 files changed, 32 insertions(+), 38 deletions(-)

diffs (207 lines):

diff -r 6bfd809be4ee -r eef5d26e403f sys/netinet6/icmp6.c
--- a/sys/netinet6/icmp6.c      Fri Mar 30 12:11:07 2018 +0000
+++ b/sys/netinet6/icmp6.c      Sat Mar 31 10:27:40 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: icmp6.c,v 1.211.6.3 2017/11/08 22:24:55 snj Exp $      */
+/*     $NetBSD: icmp6.c,v 1.211.6.4 2018/03/31 10:27:40 martin Exp $   */
 /*     $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.211.6.3 2017/11/08 22:24:55 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.211.6.4 2018/03/31 10:27:40 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -292,8 +292,7 @@
 {
        struct ip6_hdr *ip6;
 
-       if (ifp == NULL)
-               return;
+       KASSERT(ifp != NULL);
 
        if (m->m_len < sizeof(struct ip6_hdr)) {
                m = m_pullup(m, sizeof(struct ip6_hdr));
@@ -304,11 +303,15 @@
        ip6 = mtod(m, struct ip6_hdr *);
 
        if (in6_setscope(&ip6->ip6_src, ifp, NULL) != 0)
-               return;
+               goto out;
        if (in6_setscope(&ip6->ip6_dst, ifp, NULL) != 0)
-               return;
+               goto out;
 
        icmp6_error(m, type, code, param);
+       return;
+
+out:
+       m_freem(m);
 }
 
 /*
@@ -344,7 +347,7 @@
         * we should basically suppress sending an error (RFC 2463, Section
         * 2.4).
         * We have two exceptions (the item e.2 in that section):
-        * - the Pakcet Too Big message can be sent for path MTU discovery.
+        * - the Packet Too Big message can be sent for path MTU discovery.
         * - the Parameter Problem Message that can be allowed an icmp6 error
         *   in the option type field.  This check has been done in
         *   ip6_unknown_opt(), so we can just check the type and code.
@@ -391,18 +394,7 @@
                } else {
                        /* ICMPv6 informational - send the error */
                }
-       }
-#if 0 /* controversial */
-       else if (off >= 0 && nxt == IPPROTO_ESP) {
-               /*
-                * It could be ICMPv6 error inside ESP.  Take a safer side,
-                * don't respond.
-                */
-               ICMP6_STATINC(ICMP6_STAT_CANTERROR);
-               goto freeit;
-       }
-#endif
-       else {
+       } else {
                /* non-ICMPv6 - send the error */
        }
 
@@ -452,11 +444,13 @@
        m_reset_rcvif(m);
 
        ICMP6_STATINC(ICMP6_STAT_OUTHIST + type);
-       icmp6_reflect(m, sizeof(struct ip6_hdr)); /* header order: IPv6 - ICMPv6 */
+
+       /* header order: IPv6 - ICMPv6 */
+       icmp6_reflect(m, sizeof(struct ip6_hdr));
 
        return;
 
-  freeit:
+freeit:
        /*
         * If we can't tell whether or not we can generate ICMP6, free it.
         */
@@ -473,7 +467,7 @@
        struct ip6_hdr *ip6, *nip6;
        struct icmp6_hdr *icmp6, *nicmp6;
        int icmp6len = m->m_pkthdr.len - off;
-       int code, sum, noff;
+       int code, sum;
        struct ifnet *rcvif;
        struct psref psref;
        char ip6buf[INET6_ADDRSTRLEN], ip6buf2[INET6_ADDRSTRLEN];
@@ -513,6 +507,7 @@
                icmp6_ifstat_inc(rcvif, ifs6_in_error);
                goto freeit;
        }
+
        /*
         * Enforce alignment requirements that are violated in
         * some cases, see kern/50766 for details.
@@ -525,7 +520,7 @@
                        goto freeit;
                }
                ip6 = mtod(m, struct ip6_hdr *);
-               icmp6 = (struct icmp6_hdr *)(ip6 + 1);
+               icmp6 = (struct icmp6_hdr *)(mtod(m, char *) + off);
        }
        KASSERT(IP6_HDR_ALIGNED_P(icmp6));
 
@@ -739,8 +734,6 @@
                        n = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
                        if (n)
                                n = ni6_input(n, off);
-                       /* XXX meaningless if n == NULL */
-                       noff = sizeof(struct ip6_hdr);
                } else {
                        u_char *p;
                        int maxhlen;
@@ -765,34 +758,36 @@
                        m_reset_rcvif(n);
                        n->m_len = 0;
                        maxhlen = M_TRAILINGSPACE(n) - ICMP6_MAXLEN;
-                       if (maxhlen < 0)
+                       if (maxhlen < 0) {
+                               m_free(n);
                                break;
+                       }
                        if (maxhlen > hostnamelen)
                                maxhlen = hostnamelen;
                        /*
                         * Copy IPv6 and ICMPv6 only.
                         */
                        nip6 = mtod(n, struct ip6_hdr *);
-                       bcopy(ip6, nip6, sizeof(struct ip6_hdr));
+                       memcpy(nip6, ip6, sizeof(struct ip6_hdr));
                        nicmp6 = (struct icmp6_hdr *)(nip6 + 1);
-                       bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr));
+                       memcpy(nicmp6, icmp6, sizeof(struct icmp6_hdr));
+
                        p = (u_char *)(nicmp6 + 1);
                        memset(p, 0, 4);
-                       bcopy(hostname, p + 4, maxhlen); /* meaningless TTL */
-                       noff = sizeof(struct ip6_hdr);
+                       memcpy(p + 4, hostname, maxhlen); /* meaningless TTL */
+
                        M_COPY_PKTHDR(n, m); /* just for rcvif */
                        n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) +
                                sizeof(struct icmp6_hdr) + 4 + maxhlen;
                        nicmp6->icmp6_type = ICMP6_WRUREPLY;
                        nicmp6->icmp6_code = 0;
                }
-#undef hostnamelen
                if (n) {
                        uint64_t *icmp6s = ICMP6_STAT_GETREF();
                        icmp6s[ICMP6_STAT_REFLECT]++;
                        icmp6s[ICMP6_STAT_OUTHIST + ICMP6_WRUREPLY]++;
                        ICMP6_STAT_PUTREF();
-                       icmp6_reflect(n, noff);
+                       icmp6_reflect(n, sizeof(struct ip6_hdr));
                }
                break;
            }
@@ -1128,7 +1123,7 @@
                ctlfunc = (void (*)(int, struct sockaddr *, void *))
                        (inet6sw[ip6_protox[nxt]].pr_ctlinput);
                if (ctlfunc) {
-                       (void) (*ctlfunc)(code, sin6tosa(&icmp6dst),
+                       (void)(*ctlfunc)(code, sin6tosa(&icmp6dst),
                                          &ip6cp);
                }
        }
@@ -1177,8 +1172,7 @@
                if (0 <= icmp6_mtudisc_hiwat && rtcount > icmp6_mtudisc_hiwat) {
                        mutex_exit(&icmp6_mtx);
                        return;
-               }
-               else if (0 <= icmp6_mtudisc_lowat &&
+               } else if (0 <= icmp6_mtudisc_lowat &&
                    rtcount > icmp6_mtudisc_lowat) {
                        /*
                         * XXX nuke a victim, install the new one.
@@ -2121,14 +2115,14 @@
                                return;
                }
                bcopy((void *)&nip6, mtod(m, void *), sizeof(nip6));
-       } else /* off == sizeof(struct ip6_hdr) */ {
-               size_t l;
-               l = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr);
+       } else {
+               size_t l = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr);
                if (m->m_len < l) {
                        if ((m = m_pullup(m, l)) == NULL)
                                return;
                }
        }
+
        plen = m->m_pkthdr.len - sizeof(struct ip6_hdr);
        ip6 = mtod(m, struct ip6_hdr *);
        ip6->ip6_nxt = IPPROTO_ICMPV6;



Home | Main Index | Thread Index | Old Index