Fix ip option processing for raw IP sockets. This whole thing is a compromise
between ignoring options specified in the setsockopt call if IP_HDRINCL is set (the UCB choice when VJ's code was brought in) vs allowing them (what everyone else did, and what is assumed by programs everywhere...sigh). Also perform some checking of the passed down packet to avoid running off the end of a mbuf chain. Reviewed by: fenner
This commit is contained in:
Paul Traina
parent
308c24ba5e
commit
072b9b24e3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=14611
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)ip_output.c 8.3 (Berkeley) 1/21/94
|
||||
* $Id: ip_output.c,v 1.30 1996/02/24 00:17:35 phk Exp $
|
||||
* $Id: ip_output.c,v 1.31 1996/03/11 15:13:21 davidg Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -473,6 +473,8 @@ ip_output(m0, opt, ro, flags, imo)
|
||||
* Insert IP options into preformed packet.
|
||||
* Adjust IP destination as required for IP source routing,
|
||||
* as indicated by a non-zero in_addr at the start of the options.
|
||||
*
|
||||
* XXX This routine assumes that the packet has no options in place.
|
||||
*/
|
||||
static struct mbuf *
|
||||
ip_insertoptions(m, opt, phlen)
|
||||
@ -511,6 +513,7 @@ ip_insertoptions(m, opt, phlen)
|
||||
ip = mtod(m, struct ip *);
|
||||
(void)memcpy(ip + 1, p->ipopt_list, (unsigned)optlen);
|
||||
*phlen = sizeof(struct ip) + optlen;
|
||||
ip->ip_hl = *phlen >> 2;
|
||||
ip->ip_len += optlen;
|
||||
return (m);
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
* SUCH DAMAGE.
|
||||
*
|
||||
* @(#)raw_ip.c 8.7 (Berkeley) 5/15/95
|
||||
* $Id: raw_ip.c,v 1.27 1996/02/24 13:38:28 phk Exp $
|
||||
* $Id: raw_ip.c,v 1.28 1996/03/11 15:13:24 davidg Exp $
|
||||
*/
|
||||
|
||||
#include <sys/param.h>
|
||||
@ -166,17 +166,23 @@ rip_output(m, so, dst)
|
||||
ip->ip_src = inp->inp_laddr;
|
||||
ip->ip_dst.s_addr = dst;
|
||||
ip->ip_ttl = MAXTTL;
|
||||
opts = inp->inp_options;
|
||||
} else {
|
||||
ip = mtod(m, struct ip *);
|
||||
/* don't allow both user specified and setsockopt options,
|
||||
and don't allow packet length sizes that will crash */
|
||||
if (((ip->ip_hl != (sizeof (*ip) >> 2)) && inp->inp_options) ||
|
||||
(ip->ip_len > m->m_pkthdr.len)) {
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
}
|
||||
if (ip->ip_id == 0)
|
||||
ip->ip_id = htons(ip_id++);
|
||||
opts = NULL;
|
||||
/* XXX prevent ip_output from overwriting header fields */
|
||||
flags |= IP_RAWOUTPUT;
|
||||
ipstat.ips_rawout++;
|
||||
}
|
||||
return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions));
|
||||
return (ip_output(m, inp->inp_options, &inp->inp_route, flags,
|
||||
inp->inp_moptions));
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user