aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-04-15 17:22:10 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-04-15 17:22:10 +0000
commit400c1f73f2a1d5074705df6cbb9333e682cfc64a (patch)
tree91dda9787610be804f2486e99c761f48ff32f364
parent6fae8a85039980b82a5cf7eac8ba9e24f0b11dc3 (diff)
downloadsrc-400c1f73f2a1d5074705df6cbb9333e682cfc64a.tar.gz
src-400c1f73f2a1d5074705df6cbb9333e682cfc64a.zip
MFC 1.148, 1.149: The TCP code did not do sufficient checks on whether
incoming packets were destined for a broadcast IP address.
Notes
Notes: svn path=/releng/4.4/; revision=94783
-rw-r--r--sys/netinet/tcp_input.c15
1 files changed, 8 insertions, 7 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 8f8a9731235a..c0d49f7d6122 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1052,11 +1052,10 @@ findpcb:
}
/*
* RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
- * in_broadcast() should never return true on a received
- * packet with M_BCAST not set.
- *
- * Packets with a multicast source address should also
- * be discarded.
+ *
+ * Note that it is quite possible to receive unicast
+ * link-layer packets with a broadcast IP address. Use
+ * in_broadcast() to find them.
*/
if (m->m_flags & (M_BCAST|M_MCAST))
goto drop;
@@ -1069,7 +1068,8 @@ findpcb:
#endif
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
- ip->ip_src.s_addr == htonl(INADDR_BROADCAST))
+ ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
goto drop;
#ifdef INET6
if (isipv6) {
@@ -2332,7 +2332,8 @@ dropwithreset:
#endif /* INET6 */
if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) ||
IN_MULTICAST(ntohl(ip->ip_src.s_addr)) ||
- ip->ip_src.s_addr == htonl(INADDR_BROADCAST))
+ ip->ip_src.s_addr == htonl(INADDR_BROADCAST) ||
+ in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif))
goto drop;
/* IPv6 anycast check is done at tcp6_input() */