Page MenuHomeFreeBSD
Differential D19181

Improve input validation when when using IP_HDRINCL socket option on SOCK_RAW sockets
ClosedPublic
Actions

Authored by tuexen on Feb 13 2019, 8:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 1, 3:20 AM
Unknown Object (File)
Jan 15 2024, 11:32 AM
Unknown Object (File)
Dec 31 2023, 1:06 AM
Unknown Object (File)
Dec 29 2023, 9:08 PM
Unknown Object (File)
Dec 23 2023, 12:31 AM
Unknown Object (File)
Dec 20 2023, 1:12 AM
Unknown Object (File)
Nov 26 2023, 7:35 AM
Unknown Object (File)
Nov 24 2023, 2:04 AM
View All 39 Files
Subscribers
imp

Details

Reviewers
jtl
lstewart
glebius
Commits
rS347122: MFC r346182:
rS346182: When sending IPv4 packets on a SOCK_RAW socket using the IP_HDRINCL option,
Summary

When sending IPv4 packets on a SOCK_RAW socket using the IP_HDRINCL, ensure that the ip_hl field is valid. Furthermore, ensure that the complete IPv4 header is contained in the first mbuf. Finally, move the length checks before relying on them when accessing fields of the IPv4 header.

Thanks to jtl@ for bringing up these issues.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

tuexen created this revision.Feb 13 2019, 8:00 PM
Herald added a subscriber: imp. · View Herald TranscriptFeb 13 2019, 8:00 PM
Harbormaster completed remote builds in B22484: Diff 53884.Feb 13 2019, 8:00 PM
jtl accepted this revision.Feb 21 2019, 7:03 PM

Thanks!

sys/netinet/raw_ip.c
530 ↗(On Diff #53884)

I feel like this is a bit redundant. If m->m_pkthdr.len is set correctly, then the m_pullup should fail if m->m_pkthdr.len < hlen. (And, you've established on line 529 that ntohs(ip->ip_len) is equal to m->m_pkthdr.len.) However, to be clear, I do not strongly feel that this should be changed.

This revision is now accepted and ready to land.Feb 21 2019, 7:03 PM
tuexen updated this revision to Diff 54195.Feb 21 2019, 7:19 PM

Integrate jtl@'s suggestion.

This revision now requires review to proceed.Feb 21 2019, 7:19 PM
Harbormaster completed remote builds in B22648: Diff 54195.Feb 21 2019, 7:19 PM
tuexen marked an inline comment as done.Feb 21 2019, 7:20 PM
tuexen added inline comments.
sys/netinet/raw_ip.c
530 ↗(On Diff #53884)

I integrated your suggestion.

This revision was not accepted when it landed; it landed in state Needs Review.Apr 13 2019, 10:48 AM
Closed by commit rS346182: When sending IPv4 packets on a SOCK_RAW socket using the IP_HDRINCL option, (authored by tuexen). · Explain Why
This revision was automatically updated to reflect the committed changes.
tuexen marked an inline comment as done.

Revision Contents
Changeset List

PathSize
head/
sys/
netinet/
29 lines

Diff 56163

View Options

head/sys/netinet/raw_ip.c

Loading...