diff options
| author | Paul Traina <pst@FreeBSD.org> | 1996-03-13 08:13:17 +0000 |
|---|---|---|
| committer | Paul Traina <pst@FreeBSD.org> | 1996-03-13 08:13:17 +0000 |
| commit | e42005ec2b10336c87db57c5b097e3bc30e28772 (patch) | |
| tree | 84c87b0765c7de157e2deb5bc5effff8f433d782 /sys/netinet | |
| parent | 4277b40138a15fbff6701e61cea3482ead1c5123 (diff) | |
Notes
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_output.c | 5 | ||||
| -rw-r--r-- | sys/netinet/raw_ip.c | 14 |
2 files changed, 14 insertions, 5 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index be3739bd3913..7d2e11ffeabf 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 - * $Id: ip_output.c,v 1.19.4.4 1996/02/26 15:23:37 phk Exp $ + * $Id: ip_output.c,v 1.19.4.5 1996/03/04 04:56:23 davidg Exp $ */ #include <sys/param.h> @@ -467,6 +467,8 @@ bad: * Insert IP options into preformed packet. * Adjust IP destination as required for IP source routing, * as indicated by a non-zero in_addr at the start of the options. + * + * XXX This routine assumes that the packet has no options in place. */ static struct mbuf * ip_insertoptions(m, opt, phlen) @@ -505,6 +507,7 @@ ip_insertoptions(m, opt, phlen) ip = mtod(m, struct ip *); (void)memcpy(ip + 1, p->ipopt_list, (unsigned)optlen); *phlen = sizeof(struct ip) + optlen; + ip->ip_hl = *phlen >> 2; ip->ip_len += optlen; return (m); } diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 4df224961bc2..09fa83ac3ae8 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 - * $Id: raw_ip.c,v 1.27 1996/02/24 13:38:28 phk Exp $ + * $Id: raw_ip.c,v 1.19.4.6 1996/02/26 15:23:39 phk Exp $ */ #include <sys/param.h> @@ -166,17 +166,23 @@ rip_output(m, so, dst) ip->ip_src = inp->inp_laddr; ip->ip_dst.s_addr = dst; ip->ip_ttl = MAXTTL; - opts = inp->inp_options; } else { ip = mtod(m, struct ip *); + /* don't allow both user specified and setsockopt options, + and don't allow packet length sizes that will crash */ + if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) || + (ip->ip_len > m->m_pkthdr.len)) { + m_freem(m); + return EINVAL; + } if (ip->ip_id == 0) ip->ip_id = htons(ip_id++); - opts = NULL; /* XXX prevent ip_output from overwriting header fields */ flags |= IP_RAWOUTPUT; ipstat.ips_rawout++; } - return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions)); + return (ip_output(m, inp->inp_options, &inp->inp_route, flags, + inp->inp_moptions)); } /* |