security: test for ip_len < ip_hl <<2 and drop packet accordingly

proff 1999-03-26 08:51:35 +00:00
parent 3423145ca4
commit 85ab19698a
2 changed files with 12 additions and 3 deletions


@ -1,4 +1,4 @@
/* $NetBSD: ip_flow.c,v 1.12 1999/01/28 21:29:27 itohy Exp $ */
/* $NetBSD: ip_flow.c,v 1.13 1999/03/26 08:51:35 proff Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -160,7 +160,7 @@ ipflow_fastforward(
ip = mtod(m, struct ip *);
iplen = ntohs(ip->ip_len);
if (ip->ip_v != IPVERSION || ip->ip_hl != (sizeof(struct ip) >> 2) ||
iplen > m->m_pkthdr.len)
iplen < sizeof(struct ip) || iplen > m->m_pkthdr.len)
return 0;
/*
* Find a flow.
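Review bot: The new `iplen < sizeof(struct ip)` test in ipflow_fastforward rejects the packet with a bare `return 0` and counts nothing, while the ip_input.c change in the same commit increments `ipstat.ips_badlen` for the same condition. If `return 0` hands the packet back to the regular input path (not visible in this hunk), that path does the counting and the drop, and the fast path is only declining to forward. A comment above the `if` would make that explicit, for example `/* ip_len shorter than the header: leave it to the slow path, which counts and drops it */`. The lower bound equals `ip_len < ip_hl << 2` only because the same condition already pins `ip_hl` to `sizeof(struct ip) >> 2`, which is worth a word in that comment too. The function body starts and ends outside the hunk.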


@ -1,4 +1,4 @@
/* $NetBSD: ip_input.c,v 1.80 1999/01/19 23:39:57 mycroft Exp $ */
/* $NetBSD: ip_input.c,v 1.81 1999/03/26 08:51:36 proff Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@ -352,6 +352,15 @@ next:
NTOHS(ip->ip_off);
len = ip->ip_len;
/*
* Check for additional length bogosity
*/
if (len < hlen)
{
ipstat.ips_badlen++;
goto bad;
}
/*
* Check that the amount of data in the buffers
* is as at least much as the IP header would have us expect.
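Review bot: The comment `Check for additional length bogosity` above the new `if (len < hlen)` does not say what is being rejected or why it matters. Something like `/* ip_len must cover at least the header (ip_hl << 2); a smaller value would make later len - hlen arithmetic go negative */` states the invariant; the second half should be confirmed against the code after this hunk, which is not shown. The opening brace on its own line after `if (len < hlen)` may also be out of step with the file's style, so `if (len < hlen) {` on one line is likely the better fit. The enclosing function continues past the hunk.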