[src/netbsd-1-5]: src/sys/netinet pullup 1.114 -> 1.115 (approved by releng-1-5)

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/netbsd-1-5]: src/sys/netinet pullup 1.114 -> 1.115 (approved by releng-1-5)
From: itojun <itojun%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 07:18:13 +0000

details:   https://anonhg.NetBSD.org/src/rev/2c60da834af3
branches:  netbsd-1-5
changeset: 488787:2c60da834af3
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Jul 28 02:31:08 2000 +0000

description:
pullup 1.114 -> 1.115 (approved by releng-1-5)

 > be proactive about unspecified IPv6 source address.  pcb layer uses
 > unspecified address (::) to mean "unbounded" or "unconnected",
 > and can be confused by packets from outside.
 >
 > use of :: as source is not documented well in IPv6 specification.
 >
 > not sure if it presents a real threat.  the worst case scenario is a DoS
 > against TCP listening socket:
 > - - outsider transmit TCP SYN with :: as IPv6 source
 > - - receiving side creates TCP control block with:
 >      local address = my addres
 >      remote address = ::     (meaning "unconnected")
 >      state = SYN_RCVD
 >   note that SYN ACK will not be sent due to ip6_output() filter.
 >   this stays until it timeouts.
 > - - the TCP control block prevents listening TCP control block from
 >   being contacted (DoS).
 >
 > udp6/raw6 socket may have similar problem, but as they are connectionless,
 > it may too much to filter it out.

diffstat:

 sys/netinet/tcp_input.c |  15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r e41004ab9dc7 -r 2c60da834af3 sys/netinet/tcp_input.c
--- a/sys/netinet/tcp_input.c   Fri Jul 28 01:09:28 2000 +0000
+++ b/sys/netinet/tcp_input.c   Fri Jul 28 02:31:08 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tcp_input.c,v 1.108.4.5 2000/07/23 07:27:11 itojun Exp $       */
+/*     $NetBSD: tcp_input.c,v 1.108.4.6 2000/07/28 02:31:08 itojun Exp $       */
 
 /*
 %%% portions-copyright-nrl-95
@@ -690,6 +690,19 @@
                }
 
                /*
+                * Be proactive about unspecified IPv6 address in source.
+                * As we use all-zero to indicate unbounded/unconnected pcb,
+                * unspecified IPv6 address can be used to confuse us.
+                *
+                * Note that packets with unspecified IPv6 destination is
+                * already dropped in ip6_input.
+                */
+               if (IN6_IS_ADDR_UNSPECIFIED(&ip6->ip6_src)) {
+                       /* XXX stat */
+                       goto drop;
+               }
+
+               /*
                 * Make sure destination address is not multicast.
                 * Source address checked in ip6_input().
                 */

Prev by Date: [src/netbsd-1-5]: src/sys/netinet6 pullup 1.15 -> 1.16 (aproved by releng-1-5)
Next by Date: [src/netbsd-1-5]: src/sys/dev/mii Pullup revision 1.28 (approved by Jason Tho...
Previous by Thread: [src/netbsd-1-5]: src/sys/netinet6 pullup 1.15 -> 1.16 (aproved by releng-1-5)
Next by Thread: [src/netbsd-1-5]: src/sys/dev/mii Pullup revision 1.28 (approved by Jason Tho...
Indexes:

Home | Main Index | Thread Index | Old Index