Source-Changes-HG archive

[src/trunk]: src/sys/netinet arp: Validate L2 sender hardware address matches...



details:   https://anonhg.NetBSD.org/src/rev/99ad019fa266
branches:  trunk
changeset: 372320:99ad019fa266
user:      roy <roy%NetBSD.org@localhost>
date:      Mon Nov 14 09:32:21 2022 +0000

description:
arp: Validate L2 sender hardware address matches ARP probe

RFC 5227 section 1.1 states that for a DaD ARP probe the sender hardware
address must match the hardware address of the interface sending the
packet.

We can now verify this by checking the mbuf packet header.

This fixes an obscure issue where an old router was sending out bogus
ARP probes.

diffstat:

 sys/netinet/if_arp.c |  11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diffs (39 lines):

diff -r 22629aefeb0d -r 99ad019fa266 sys/netinet/if_arp.c
--- a/sys/netinet/if_arp.c      Mon Nov 14 09:23:42 2022 +0000
+++ b/sys/netinet/if_arp.c      Mon Nov 14 09:32:21 2022 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_arp.c,v 1.308 2022/09/03 01:35:03 thorpej Exp $     */
+/*     $NetBSD: if_arp.c,v 1.309 2022/11/14 09:32:21 roy Exp $ */
 
 /*
  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.308 2022/09/03 01:35:03 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.309 2022/11/14 09:32:21 roy Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -932,6 +932,8 @@
 
        /*
         * DAD check, RFC 5227.
+        * ARP sender hardware address must match the interface
+        * address of the interface sending the packet.
         * Collision on sender address is always a duplicate.
         * Collision on target address is only a duplicate
         * IF the sender address is the null host (ie a DAD probe)
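
Review bot: the added sentence sits directly above the unchanged line "Collision on sender address is always a duplicate", but the condition changed in the next hunk requires the L2 match for that case as well, so "always" no longer holds; reword that line or scope the new sentence to the cases it covers. "interface address of the interface sending the packet" is also ambiguous: the code compares ar_sha(ah) with m->m_pkthdr.l2_sha, the link-layer source address recorded in the mbuf packet header, and the comment should say so.
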
@@ -943,7 +945,10 @@
            (in_hosteq(isaddr, myaddr) ||
            (in_nullhost(isaddr) && in_hosteq(itaddr, myaddr) &&
             m->m_flags & M_BCAST &&
-            ia->ia4_flags & (IN_IFF_TENTATIVE | IN_IFF_DUPLICATED))))
+            ia->ia4_flags & (IN_IFF_TENTATIVE | IN_IFF_DUPLICATED))) &&
+           m->m_pkthdr.l2_shalen == ah->ar_hln && (
+           ah->ar_hln == 0 ||
+           memcmp(m->m_pkthdr.l2_sha, ar_sha(ah), ah->ar_hln) == 0))
        {
                struct sockaddr_dl sdl, *sdlp;
 
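
Review bot: the new "m->m_pkthdr.l2_shalen == ah->ar_hln && (" clause is ANDed onto the whole collision expression, so it gates the in_hosteq(isaddr, myaddr) sender-collision case as well as the in_nullhost(isaddr) probe case, while the commit message cites RFC 5227 only for probes. If a conflicting non-probe ARP with a mismatched L2 source should still count as a duplicate, move the check inside the in_nullhost(isaddr) branch; otherwise state the wider scope in the comment. The "ah->ar_hln == 0" arm accepts a packet when both lengths are zero and deserves a short comment saying which interfaces that covers. A frame that fails the comparison skips this block with no trace in the visible code; a counter or rate-limited log at that point would make a sender of bogus probes, like the router in the commit message, easier to identify.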