From ffdd061c1f0fa94c32b0db19affe316e65da3b30 Mon Sep 17 00:00:00 2001
From: itojun <itojun>
Date: Fri, 7 Jan 2000 18:16:51 +0000
Subject: [PATCH] drop incoming udp packet with dst port = 0.  it seems to be
 illegal based on RFC768.

commit for other OSes will follow.
---
 kame/sys/netinet6/udp6_usrreq.c |  4 ++++
 netbsd/sys/netinet/udp_usrreq.c | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/kame/sys/netinet6/udp6_usrreq.c b/kame/sys/netinet6/udp6_usrreq.c
index 4c097d0229..a1dfe62fbe 100644
--- a/kame/sys/netinet6/udp6_usrreq.c
+++ b/kame/sys/netinet6/udp6_usrreq.c
@@ -199,6 +199,10 @@ udp6_input(mp, offp, proto)
 		goto bad;
 	}
 
+	/* destination port of 0 is illegal, based on RFC768. */
+	if (uh->uh_dport == 0)
+		goto bad;
+
 	/* Be proactive about malicious use of IPv4 mapped address */
 	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
diff --git a/netbsd/sys/netinet/udp_usrreq.c b/netbsd/sys/netinet/udp_usrreq.c
index e931a0a263..30c85371cb 100644
--- a/netbsd/sys/netinet/udp_usrreq.c
+++ b/netbsd/sys/netinet/udp_usrreq.c
@@ -218,6 +218,10 @@ udp_input(m, va_alist)
 	}
 #endif
 
+	/* destination port of 0 is illegal, based on RFC768. */
+	if (uh->uh_dport == 0)
+		goto bad;
+
 	/*
 	 * Make mbuf data length reflect UDP length.
 	 * If not enough data to reflect UDP length, drop.
@@ -375,6 +379,10 @@ udp6_input(mp, offp, proto)
 		goto bad;
 	}
 
+	/* destination port of 0 is illegal, based on RFC768. */
+	if (uh->uh_dport == 0)
+		goto bad;
+
 	/* Be proactive about malicious use of IPv4 mapped address */
 	if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
 	    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
@@ -926,6 +934,10 @@ udp_input(m, va_alist)
 	}
 	uh = (struct udphdr *)((caddr_t)ip + iphlen);
 
+	/* destination port of 0 is illegal, based on RFC768. */
+	if (uh->uh_dport == 0)
+		goto bad;
+
 	/*
 	 * Make mbuf data length reflect UDP length.
 	 * If not enough data to reflect UDP length, drop.