d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
595d23f777
freebsd-dev/sys/netinet6
History
Mark Johnston 713264f6b8 netinet: Tighten checks for unspecified source addresses 
The assertions added in commit b0ccf53f24 ("inpcb: Assert against
wildcard addrs in in_pcblookup_hash_locked()") revealed that protocol
layers may pass the unspecified address to in_pcblookup().

Add some checks to filter out such packets before we attempt an inpcb
lookup:
- Disallow the use of an unspecified source address in in_pcbladdr() and
  in6_pcbladdr().
- Disallow IP packets with an unspecified destination address.
- Disallow TCP packets with an unspecified source address, and add an
  assertion to verify the comment claiming that the case of an
  unspecified destination address is handled by the IP layer.

Reported by:	syzbot+9ca890fb84e984e82df2@syzkaller.appspotmail.com
Reported by:	syzbot+ae873c71d3c71d5f41cb@syzkaller.appspotmail.com
Reported by:	syzbot+e3e689aba1d442905067@syzkaller.appspotmail.com
Reviewed by:	glebius, melifaro
MFC after:	2 weeks
Sponsored by:	Klara, Inc.
Sponsored by:	Modirum MDPay
Differential Revision:	https://reviews.freebsd.org/D38570
2023-03-06 15:06:00 -05:00
..
dest6.c
frag6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
icmp6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
icmp6.h
in6_cksum.c
in6_fib_algo.c Fix dpdk/ldradix fib lookup algorithm preference calculation. 2021-03-07 22:17:53 +00:00
in6_fib.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_fib.h Add modular fib lookup framework. 2020-12-25 11:33:17 +00:00
in6_gif.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_ifattach.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_ifattach.h
in6_jail.c sysent: Get rid of bogus sys/sysent.h include. 2022-05-28 20:52:17 +03:00
in6_mcast.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_pcb.c netinet: Tighten checks for unspecified source addresses 2023-03-06 15:06:00 -05:00
in6_pcb.h inpcb: use family specific sockaddr argument for bind functions 2023-02-15 10:30:16 -08:00
in6_proto.c netinet*: add back necessary headers 2022-10-26 08:16:44 -07:00
in6_rmx.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_rss.c Revert "wpa: Import wpa_supplicant/hostapd commit 14ab4a816" 2021-12-02 14:45:04 -08:00
in6_rss.h Implement flowid calculation for outbound connections to balance 2020-10-18 17:15:47 +00:00
in6_src.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6_var.h IfAPI: Hide the in6m_lookup_locked() implementation. 2023-01-31 15:02:14 -05:00
in6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
in6.h netinet: Remove the IP(V6)_RSS_LISTEN_BUCKET socket option 2023-02-28 15:57:21 -05:00
ip6_ecn.h
ip6_fastfwd.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
ip6_forward.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
ip6_gre.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
ip6_id.c
ip6_input.c netinet*: remove PRC_ constants and streamline ICMP processing 2022-10-03 20:53:04 -07:00
ip6_mroute.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
ip6_mroute.h
ip6_output.c netinet: Remove the IP(V6)_RSS_LISTEN_BUCKET socket option 2023-02-28 15:57:21 -05:00
ip6_var.h netinet*: remove PRC_ constants and streamline ICMP processing 2022-10-03 20:53:04 -07:00
ip6.h
ip_fw_nat64.h
ip_fw_nptv6.h
mld6_var.h mld6: use callout(9) directly instead of pr_slowtimo, pr_fasttimo 2022-08-17 11:50:31 -07:00
mld6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
mld6.h
nd6_nbr.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
nd6_rtr.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
nd6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
nd6.h IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
pim6_var.h
pim6.h
raw_ip6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
raw_ip6.h
route6.c
scope6_var.h
scope6.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
sctp6_usrreq.c sctp: minor changes due to upstreaming of Glebs recent changes 2022-11-06 23:06:40 +01:00
sctp6_var.h sctp: minor changes due to upstreaming of Glebs recent changes 2022-11-06 23:06:40 +01:00
send.c IfAPI: Explicitly include <net/if_private.h> in netstack 2023-01-31 15:02:16 -05:00
send.h
tcp6_var.h netinet*: de-void control input IP protocol methods 2022-10-03 20:53:04 -07:00
udp6_usrreq.c inpcb: use family specific sockaddr argument for bind functions 2023-02-15 10:30:16 -08:00
udp6_var.h netinet*: de-void control input IP protocol methods 2022-10-03 20:53:04 -07:00