[src/trunk]: src/sys/netinet Kick duplicate options, they are not allowed (RF...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/45729e797fee
branches:  trunk
changeset: 829542:45729e797fee
user:      maxv <maxv%NetBSD.org@localhost>
date:      Mon Feb 05 13:52:39 2018 +0000

description:
Kick duplicate options, they are not allowed (RFC791).

diffstat:

 sys/netinet/ip_input.c |  29 +++++++++++++++++++++++++++--
 1 files changed, 27 insertions(+), 2 deletions(-)

diffs (76 lines):

diff -r db4a940ea2ee -r 45729e797fee sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c    Mon Feb 05 13:34:20 2018 +0000
+++ b/sys/netinet/ip_input.c    Mon Feb 05 13:52:39 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_input.c,v 1.367 2018/02/05 13:34:20 maxv Exp $      */
+/*     $NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.367 2018/02/05 13:34:20 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.368 2018/02/05 13:52:39 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -873,11 +873,17 @@
        struct ip_timestamp *ipt;
        struct in_ifaddr *ia;
        int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
+       int lsrr_present, ssrr_present, rr_present, ts_present;
        struct in_addr dst;
        n_time ntime;
        struct ifaddr *ifa = NULL;
        int s;
 
+       lsrr_present = 0;
+       ssrr_present = 0;
+       rr_present = 0;
+       ts_present = 0;
+
        dst = ip->ip_dst;
        cp = (u_char *)(ip + 1);
        cnt = (ip->ip_hl << 2) - sizeof(struct ip);
@@ -925,6 +931,17 @@
                                code = ICMP_UNREACH_NET_PROHIB;
                                goto bad;
                        }
+                       if (opt == IPOPT_LSRR) {
+                               if (lsrr_present++) {
+                                       code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+                                       goto bad;
+                               }
+                       } else {
+                               if (ssrr_present++) {
+                                       code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+                                       goto bad;
+                               }
+                       }
                        if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
                                code = &cp[IPOPT_OLEN] - (u_char *)ip;
                                goto bad;
@@ -999,6 +1016,10 @@
                            .sin_family = AF_INET,
                        };
 
+                       if (rr_present++) {
+                               code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+                               goto bad;
+                       }
                        if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
                                code = &cp[IPOPT_OLEN] - (u_char *)ip;
                                goto bad;
@@ -1040,6 +1061,10 @@
                case IPOPT_TS:
                        code = cp - (u_char *)ip;
                        ipt = (struct ip_timestamp *)cp;
+                       if (ts_present++) {
+                               code = &cp[IPOPT_OPTVAL] - (u_char *)ip;
+                               goto bad;
+                       }
                        if (ipt->ipt_len < 4 || ipt->ipt_len > 40) {
                                code = (u_char *)&ipt->ipt_len - (u_char *)ip;
                                goto bad;