Page MenuHomeFreeBSD

netinet: Explicitly disallow connections to the unspecified address
ClosedPublic

Authored by markj on Aug 27 2024, 1:52 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Jul 12, 12:17 AM
Unknown Object (File)
Sat, Jul 4, 1:23 PM
Unknown Object (File)
Thu, Jul 2, 3:18 PM
Unknown Object (File)
Tue, Jun 30, 8:54 AM
Unknown Object (File)
Tue, Jun 30, 8:00 AM
Unknown Object (File)
Sun, Jun 28, 8:53 AM
Unknown Object (File)
Fri, Jun 26, 5:11 PM
Unknown Object (File)
Mon, Jun 22, 5:41 PM

Details

Summary

If the V_connect_ifaddr_wild sysctl says that we shouldn't infer a
destination address, return an error. Otherwise it's possible for use
of an unspecified foreign address to trigger a subsequent assertion
failure, for example in in_pcblookup_hash_locked().

Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

markj requested review of this revision.Aug 27 2024, 1:52 PM
This revision is now accepted and ready to land.Aug 27 2024, 4:02 PM

What if V_connect_inaddr_wild is true but also CK_STAILQ_EMPTY(&V_in_ifaddrhead)?
I guess ENETUNREACH is sensible in that case as well.

What if V_connect_inaddr_wild is true but also CK_STAILQ_EMPTY(&V_in_ifaddrhead)?
I guess ENETUNREACH is sensible in that case as well.

Yes, that was intentional. This is really about ensuring that the unspecified address, which is used as a sentinel in some places, doesn't get propagated further down into the inpcb layer.

zlei added a subscriber: zlei.

Looks good to me.