CVS commit: src/sys

Manuel Bouyer Sun, 15 Sep 2019 14:00:31 -0700

Module Name:    src
Committed By:   bouyer
Date:           Sun Sep 15 21:00:16 UTC 2019


Modified Files:
        src/sys/netinet: ip_input.c
        src/sys/netinet6: ip6_input.c

Log Message:
Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.


To generate a diff of this commit:
cvs rdiff -u -r1.389 -r1.390 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.208 -r1.209 src/sys/netinet6/ip6_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.389 src/sys/netinet/ip_input.c:1.390
--- src/sys/netinet/ip_input.c:1.389	Mon May 13 07:47:59 2019
+++ src/sys/netinet/ip_input.c	Sun Sep 15 21:00:15 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_input.c,v 1.389 2019/05/13 07:47:59 ozaki-r Exp $	*/
+/*	$NetBSD: ip_input.c,v 1.390 2019/09/15 21:00:15 bouyer Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.389 2019/05/13 07:47:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.390 2019/09/15 21:00:15 bouyer Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -581,10 +581,25 @@ ip_input(struct mbuf *m)
 			IP_STATINC(IP_STAT_PFILDROP_IN);
 			goto out;
 		}
-		KASSERT(m->m_len >= sizeof(struct ip));
+		if (__predict_false(m->m_len < sizeof(struct ip))) {
+			if ((m = m_pullup(m, sizeof(struct ip))) == NULL) {
+				IP_STATINC(IP_STAT_TOOSMALL);
+				goto out;
+			}
+		}
 		ip = mtod(m, struct ip *);
 		hlen = ip->ip_hl << 2;
-		KASSERT(m->m_len >= hlen);
+		if (hlen < sizeof(struct ip)) {	/* minimum header length */
+			IP_STATINC(IP_STAT_BADHLEN);
+			goto out;
+		}
+		if (hlen > m->m_len) {
+			if ((m = m_pullup(m, hlen)) == NULL) {
+				IP_STATINC(IP_STAT_BADHLEN);
+				goto out;
+			}
+			ip = mtod(m, struct ip *);
+		}
 
 		/*
 		 * XXX The setting of "srcrt" here is to prevent ip_forward()

Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.208 src/sys/netinet6/ip6_input.c:1.209
--- src/sys/netinet6/ip6_input.c:1.208	Mon May 13 07:47:59 2019
+++ src/sys/netinet6/ip6_input.c	Sun Sep 15 21:00:15 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_input.c,v 1.208 2019/05/13 07:47:59 ozaki-r Exp $	*/
+/*	$NetBSD: ip6_input.c,v 1.209 2019/09/15 21:00:15 bouyer Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.208 2019/05/13 07:47:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.209 2019/09/15 21:00:15 bouyer Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -356,7 +356,13 @@ ip6_input(struct mbuf *m, struct ifnet *
 			IP6_STATINC(IP6_STAT_PFILDROP_IN);
 			return;
 		}
-		KASSERT(m->m_len >= sizeof(struct ip6_hdr));
+		if (m->m_len < sizeof(struct ip6_hdr)) {
+			if ((m = m_pullup(m, sizeof(struct ip6_hdr))) == NULL) {
+				IP6_STATINC(IP6_STAT_TOOSMALL);
+				in6_ifstat_inc(rcvif, ifs6_in_hdrerr);
+				return;
+			}
+		}
 		ip6 = mtod(m, struct ip6_hdr *);
 		srcrt = !IN6_ARE_ADDR_EQUAL(&odst, &ip6->ip6_dst);
 	}

CVS commit: src/sys

Reply via email to