summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJun-ichiro itojun Hagino <itojun@FreeBSD.org>2000-10-23 07:11:01 +0000
committerJun-ichiro itojun Hagino <itojun@FreeBSD.org>2000-10-23 07:11:01 +0000
commitd31944e6ec798fa765ad8608b52b2fe32435030a (patch)
treede7398eef46e1548ad01970291aae9d4c6c1a153
parenta91a9fde81070fd9202d6d010421bbecc711929a (diff)
Notes
Diffstat
-rw-r--r--sys/netinet/tcp_subr.c7
-rw-r--r--sys/netinet/tcp_timewait.c7
-rw-r--r--sys/netinet6/udp6_usrreq.c6
3 files changed, 17 insertions, 3 deletions
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 4541f4e06ed5..25c9b66b9da6 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -1012,6 +1012,7 @@ tcp6_ctlinput(cmd, sa, d)
} else {
m = NULL;
ip6 = NULL;
+ off = 0; /* fool gcc */
}
/*
@@ -1036,7 +1037,11 @@ tcp6_ctlinput(cmd, sa, d)
m->m_pkthdr.rcvif != NULL)
s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
- if (m->m_len < off + sizeof(*thp)) {
+ /* check if we can safely examine src and dst ports */
+ if (m->m_pkthdr.len < off + sizeof(th))
+ return;
+
+ if (m->m_len < off + sizeof(th)) {
/*
* this should be rare case
* because now MINCLSIZE is "(MHLEN + 1)",
diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index 4541f4e06ed5..25c9b66b9da6 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -1012,6 +1012,7 @@ tcp6_ctlinput(cmd, sa, d)
} else {
m = NULL;
ip6 = NULL;
+ off = 0; /* fool gcc */
}
/*
@@ -1036,7 +1037,11 @@ tcp6_ctlinput(cmd, sa, d)
m->m_pkthdr.rcvif != NULL)
s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
- if (m->m_len < off + sizeof(*thp)) {
+ /* check if we can safely examine src and dst ports */
+ if (m->m_pkthdr.len < off + sizeof(th))
+ return;
+
+ if (m->m_len < off + sizeof(th)) {
/*
* this should be rare case
* because now MINCLSIZE is "(MHLEN + 1)",
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index beda1e92db09..bb0ae73b885f 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -1,5 +1,5 @@
/* $FreeBSD$ */
-/* $KAME: udp6_usrreq.c,v 1.11 2000/06/18 06:23:06 jinmei Exp $ */
+/* $KAME: udp6_usrreq.c,v 1.17 2000/10/13 17:46:21 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -450,6 +450,10 @@ udp6_ctlinput(cmd, sa, d)
if (IN6_IS_ADDR_LINKLOCAL(&s))
s.s6_addr16[1] = htons(m->m_pkthdr.rcvif->if_index);
+ /* check if we can safely examine src and dst ports */
+ if (m->m_pkthdr.len < off + sizeof(uh))
+ return;
+
if (m->m_len < off + sizeof(uh)) {
/*
* this should be rare case,
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-30 07:10:25 +0000