Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/net/npf If we fail to advance inside TCP/UDP/ICMPv4/ICMP...



details:   https://anonhg.NetBSD.org/src/rev/3bc2b35aebb4
branches:  trunk
changeset: 321570:3bc2b35aebb4
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Mar 23 08:28:54 2018 +0000

description:
If we fail to advance inside TCP/UDP/ICMPv4/ICMPv6, stop pretending L4
is unknown, and error out right away.

This prevents bugs in machinery, if a place looks for L4 in 'npc_proto'
without checking the cache too. I've seen a ~similar problem already.

diffstat:

 sys/net/npf/npf_inet.c |  25 ++++++++++++++++---------
 1 files changed, 16 insertions(+), 9 deletions(-)

diffs (57 lines):

diff -r 72667a9def3b -r 3bc2b35aebb4 sys/net/npf/npf_inet.c
--- a/sys/net/npf/npf_inet.c    Fri Mar 23 06:01:07 2018 +0000
+++ b/sys/net/npf/npf_inet.c    Fri Mar 23 08:28:54 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: npf_inet.c,v 1.46 2018/03/22 09:04:25 maxv Exp $       */
+/*     $NetBSD: npf_inet.c,v 1.47 2018/03/23 08:28:54 maxv Exp $       */
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -40,7 +40,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.46 2018/03/22 09:04:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.47 2018/03/23 08:28:54 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -485,9 +485,7 @@
        flags = npf_cache_ip(npc, nbuf);
        if ((flags & NPC_IP46) == 0 || (flags & NPC_IPFRAG) != 0 ||
            (flags & NPC_FMTERR) != 0) {
-               nbuf_unset_flag(nbuf, NBUF_DATAREF_RESET);
-               npc->npc_info |= flags;
-               return flags;
+               goto out;
        }
        hlen = npc->npc_hlen;
 
@@ -526,14 +524,23 @@
                break;
        }
 
+       /* Error out if nbuf_advance failed. */
+       if (l4flags && npc->npc_l4.hdr == NULL) {
+               goto err;
+       }
+
        if (nbuf_flag_p(nbuf, NBUF_DATAREF_RESET)) {
                goto again;
        }
 
-       /* Add the L4 flags if nbuf_advance() succeeded. */
-       if (l4flags && npc->npc_l4.hdr) {
-               flags |= l4flags;
-       }
+       flags |= l4flags;
+       npc->npc_info |= flags;
+       return flags;
+
+err:
+       flags = NPC_FMTERR;
+out:
+       nbuf_unset_flag(nbuf, NBUF_DATAREF_RESET);
        npc->npc_info |= flags;
        return flags;
 }



Home | Main Index | Thread Index | Old Index