d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

We should never allow either the broadcast or IN_ADDR_ANY to be

Browse Source 
connected to or sent to. This was fond when working with Michael
Tuexen and Skyzaller. Skyzaller seems to want to use either of
these two addresses to connect to at times. And it really is
an error to do so, so lets not allow that behavior.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D24852
This commit is contained in:
Randall Stewart 2020-06-03 14:16:40 +00:00
parent f1ea4e4120
commit 2cf21ae559
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=361752
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/netinet/tcp_usrreq.c
View File

@ -552,6 +552,10 @@ tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
if (sinp->sin_family == AF_INET
&& IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
return (EAFNOSUPPORT);
if ((sinp->sin_family == AF_INET) &&
((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
(sinp->sin_addr.s_addr == INADDR_ANY)))
return(EAFNOSUPPORT);
if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
return (error);
@ -652,6 +656,11 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
error = EAFNOSUPPORT;
goto out;
}
if ((ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) ||
(sin.sin_addr.s_addr == INADDR_ANY)) {
error = EAFNOSUPPORT;
goto out;
}
if ((error = prison_remote_ip4(td->td_ucred,
&sin.sin_addr)) != 0)
goto out;
@ -1024,6 +1033,13 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf *m,
error = EAFNOSUPPORT;
goto out;
}
if ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) ||
(sinp->sin_addr.s_addr == INADDR_ANY)) {
if (m)
m_freem(m);
error = EAFNOSUPPORT;
goto out;
}
if ((error = prison_remote_ip4(td->td_ucred,
&sinp->sin_addr))) {
if (m)