Permalink
Browse files

loosened validation inner packets of icmp6 errors as much as possible.

  • Loading branch information...
1 parent 80e5c32 commit 919dc2f88fb2d5958759be76b2fd405259dad8d2 jinmei committed Nov 5, 2000
Showing with 23 additions and 29 deletions.
  1. +12 −15 freebsd3/sys/netinet/tcp_subr.c
  2. +11 −14 freebsd3/sys/netinet6/udp6_usrreq.c
@@ -924,13 +924,16 @@ tcp6_ctlinput(cmd, sa, d)
struct sockaddr *sa;
void *d;
{
- register struct tcphdr *thp;
struct tcphdr th;
void (*notify) __P((struct inpcb *, int)) = tcp_notify;
struct sockaddr_in6 sa6;
struct ip6_hdr *ip6;
struct mbuf *m;
int off = 0;
+ struct tcp_portonly {
+ u_int16_t th_sport;
+ u_int16_t th_dport;
+ } *thp;
if (sa->sa_family != AF_INET6 ||
sa->sa_len != sizeof(struct sockaddr_in6))
@@ -973,20 +976,14 @@ tcp6_ctlinput(cmd, sa, d)
s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
/* check if we can safely examine src and dst ports */
- if (m->m_pkthdr.len < off + sizeof(th))
- return;
-
- if (m->m_len < off + sizeof(th)) {
- /*
- * this should be rare case,
- * so we compromise on this copy...
- */
- m_copydata(m, off, sizeof(th), (caddr_t)&th);
- thp = &th;
- } else
- thp = (struct tcphdr *)(mtod(m, caddr_t) + off);
- in6_pcbnotify(&tcb, (struct sockaddr *)&sa6, thp->th_dport,
- &s, thp->th_sport, cmd, notify);
+ if (m->m_pkthdr.len < off + sizeof(*thp))
+ return;
+
+ bzero(&th, sizeof(th));
+ m_copydata(m, off, sizeof(*thp), (caddr_t)&th);
+
+ in6_pcbnotify(&tcb, (struct sockaddr *)&sa6, th.th_dport,
+ &s, th.th_sport, cmd, notify);
} else
in6_pcbnotify(&tcb, (struct sockaddr *)&sa6, 0, &zeroin6_addr,
0, cmd, notify);
@@ -1,4 +1,4 @@
-/* $KAME: udp6_usrreq.c,v 1.38 2000/11/01 08:13:54 itojun Exp $ */
+/* $KAME: udp6_usrreq.c,v 1.39 2000/11/05 18:26:33 jinmei Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -406,13 +406,16 @@ udp6_ctlinput(cmd, sa, d)
struct sockaddr *sa;
void *d;
{
- register struct udphdr *uhp;
struct udphdr uh;
struct sockaddr_in6 sa6;
struct ip6_hdr *ip6;
struct mbuf *m;
int off = 0;
void (*notify) __P((struct inpcb *, int)) = udp_notify;
+ struct udp_portonly {
+ u_int16_t uh_sport;
+ u_int16_t uh_dport;
+ } *uhp;
if (sa->sa_family != AF_INET6 ||
sa->sa_len != sizeof(struct sockaddr_in6))
@@ -456,21 +459,15 @@ udp6_ctlinput(cmd, sa, d)
s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
/* check if we can safely examine src and dst ports */
- if (m->m_pkthdr.len < off + sizeof(uh))
+ if (m->m_pkthdr.len < off + sizeof(*uhp))
return;
- if (m->m_len < off + sizeof(uh)) {
- /*
- * this should be rare case,
- * so we compromise on this copy...
- */
- m_copydata(m, off, sizeof(uh), (caddr_t)&uh);
- uhp = &uh;
- } else
- uhp = (struct udphdr *)(mtod(m, caddr_t) + off);
+ bzero(&uh, sizeof(uh));
+ m_copydata(m, off, sizeof(*uhp), (caddr_t)&uh);
+
(void) in6_pcbnotify(&udb, (struct sockaddr *)&sa6,
- uhp->uh_dport, &s,
- uhp->uh_sport, cmd, notify);
+ uh.uh_dport, &s,
+ uh.uh_sport, cmd, notify);
} else
(void) in6_pcbnotify(&udb, (struct sockaddr *)&sa6, 0,
&zeroin6_addr, 0, cmd, notify);

0 comments on commit 919dc2f

Please sign in to comment.