If no vlan(4) interfaces are configured for the interface, and the

driver did VLAN decapsulation in hardware, we were passing a frame as if it came for the parent (non-VLAN) interface. Stop this from happening. Reminded by: glebius Security: This could pose a security risk in some setups
2005-02-14 08:29:42 +00:00 · 2005-02-14 08:29:42 +00:00 · 6c23e6cc5a
commit 6c23e6cc5a
parent dbda3744f4
1 changed files with 10 additions and 3 deletions
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@ -654,12 +654,19 @@ post_stats:
 #endif

 	/*
-	 * If VLANs are configured on the interface, check to
-	 * see if the device performed the decapsulation and
+	 * Check to see if the device performed the VLAN decapsulation and
 	 * provided us with the tag.
 	 */
-	if (ifp->if_nvlans &&
+	if (m_tag_first(m) != NULL &&
 	    m_tag_locate(m, MTAG_VLAN, MTAG_VLAN_TAG, NULL) != NULL) {
+		/*
+		 * If no VLANs are configured, drop.
+		 */
+		if (ifp->if_nvlans == 0) {
+			ifp->if_noproto++;
+			m_freem(m);
+			return;
+		}
 		/*
 		 * vlan_input() will either recursively call ether_input()
 		 * or drop the packet.