Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netinet Drop packet, increment udps_badlen if the udp he...
details: https://anonhg.NetBSD.org/src/rev/b16413b74ea6
branches: trunk
changeset: 495194:b16413b74ea6
user: sommerfeld <sommerfeld%NetBSD.org@localhost>
date: Mon Jul 24 03:46:57 2000 +0000
description:
Drop packet, increment udps_badlen if the udp header length field
reports a size smaller than the udp header; defends against bogosity
detected by Assar Westerlund.
This patch and the previous ip_icmp.c change were the joint work of
assar, itojun, and myself.
diffstat:
sys/netinet/udp_usrreq.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diffs (27 lines):
diff -r 809accf267de -r b16413b74ea6 sys/netinet/udp_usrreq.c
--- a/sys/netinet/udp_usrreq.c Mon Jul 24 03:32:31 2000 +0000
+++ b/sys/netinet/udp_usrreq.c Mon Jul 24 03:46:57 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: udp_usrreq.c,v 1.69 2000/07/07 15:54:16 itojun Exp $ */
+/* $NetBSD: udp_usrreq.c,v 1.70 2000/07/24 03:46:57 sommerfeld Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -231,7 +231,7 @@
*/
len = ntohs((u_int16_t)uh->uh_ulen);
if (ip->ip_len != iphlen + len) {
- if (ip->ip_len < iphlen + len) {
+ if (ip->ip_len < iphlen + len || len < sizeof(struct udphdr)) {
udpstat.udps_badlen++;
goto bad;
}
@@ -914,7 +914,7 @@
*/
len = ntohs((u_int16_t)uh->uh_ulen);
if (ip->ip_len != iphlen + len) {
- if (ip->ip_len < iphlen + len) {
+ if (ip->ip_len < iphlen + len || len < sizeof(struct udphdr)) {
udpstat.udps_badlen++;
goto bad;
}
Home |
Main Index |
Thread Index |
Old Index