Source-Changes-HG archive
[src/trunk]: src/sys/netinet security: test for ip_len < ip_hl <<2 and drop p...
details: https://anonhg.NetBSD.org/src/rev/1cc96fe7b8c0
branches: trunk
changeset: 467603:1cc96fe7b8c0
user: proff <proff%NetBSD.org@localhost>
date: Fri Mar 26 08:51:35 1999 +0000
description:
security: test for ip_len < ip_hl <<2 and drop packet accordingly
diffstat:
sys/netinet/ip_flow.c | 4 ++--
sys/netinet/ip_input.c | 11 ++++++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diffs (43 lines):
diff -r e70cc6a2dc87 -r 1cc96fe7b8c0 sys/netinet/ip_flow.c
--- a/sys/netinet/ip_flow.c Fri Mar 26 08:45:25 1999 +0000
+++ b/sys/netinet/ip_flow.c Fri Mar 26 08:51:35 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_flow.c,v 1.12 1999/01/28 21:29:27 itohy Exp $ */
+/* $NetBSD: ip_flow.c,v 1.13 1999/03/26 08:51:35 proff Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -160,7 +160,7 @@
ip = mtod(m, struct ip *);
iplen = ntohs(ip->ip_len);
if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
- iplen > m->m_pkthdr.len)
+ iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
return 0;
/*
* Find a flow.
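Review bot: the new lower bound `iplen < sizeof(struct ip)` in the `if` condition carries no comment, and the `return 0` path records nothing, so a reader of ip_flow.c cannot tell this is the security check the commit description refers to. A one-line comment above the `if` stating that a total length shorter than the header is rejected would help. The bound itself is consistent with the description: the same condition already requires `ip->ip_hl != (sizeof(struct ip) >> 2)` to be false, so comparing against `sizeof(struct ip)` matches the `ip_len < ip_hl << 2` test. The ip_input.c part of this change bumps `ipstat.ips_badlen` for the same condition; it is worth saying whether packets rejected here are meant to be counted as well.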
diff -r e70cc6a2dc87 -r 1cc96fe7b8c0 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Fri Mar 26 08:45:25 1999 +0000
+++ b/sys/netinet/ip_input.c Fri Mar 26 08:51:35 1999 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.80 1999/01/19 23:39:57 mycroft Exp $ */
+/* $NetBSD: ip_input.c,v 1.81 1999/03/26 08:51:36 proff Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -353,6 +353,15 @@
len = ip->ip_len;
/*
+ * Check for additional length bogosity
+ */
+ if (len < hlen)
+ {
+ ipstat.ips_badlen++;
+ goto bad;
+ }
+
+ /*
* Check that the amount of data in the buffers
* is as at least much as the IP header would have us expect.
* Trim mbufs if longer than we expect.
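Review bot: the comment on the new `if (len < hlen)` block, "Check for additional length bogosity", does not say what is being checked; wording such as "total length must not be smaller than the header length" would make the reason for the drop clear next to `ipstat.ips_badlen++`. On style, the opening brace sits on its own line, whereas KNF puts it on the `if` line. Also, `len = ip->ip_len` is compared here with no byte-order conversion in view, while ip_flow.c uses `ntohs(ip->ip_len)`; the hunk does not show where the conversion happens, so please confirm `ip_len` is already in host order at this point.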