Backout damage to the INADDR_TO_IFP() macro in revision 1.7.

This macro was supposed to only match local IP addresses of interfaces, and all consumers of this macro assume this as well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket options in the ip(4) manpage.) This fixes a major security breach in IPFW-based firewalls where the `me' keyword would match the other end of a P2P link. PR: kern/28567
2001-07-17 10:30:21 +00:00 · 2001-07-17 10:30:21 +00:00 · 9f81cc840b
commit 9f81cc840b
parent 0247c861a3
1 changed files with 5 additions and 12 deletions
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@ -94,18 +94,11 @@ extern	u_char	inetctlerrmap[];
 	/* struct in_addr addr; */ \
 	/* struct ifnet *ifp; */ \
 { \
-	register struct in_ifaddr *ia; \
+	struct in_ifaddr *ia; \
 \
-	for (ia = TAILQ_FIRST(&in_ifaddrhead); \
-	    ia != NULL && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \
-		IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \
-	    ia = TAILQ_NEXT(ia, ia_link)) \
-		 continue; \
-	if (ia == NULL) \
-	    TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) \
-		    if (ia->ia_ifp->if_flags & IFF_POINTOPOINT && \
-			IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \
-			    break; \
+	TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) \
+		if (IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \
+			break; \
 	(ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \
 }

@ -180,7 +173,7 @@ struct in_multistep {
 	/* struct ifnet *ifp; */ \
 	/* struct in_multi *inm; */ \
 do { \
-	register struct ifmultiaddr *ifma; \
+	struct ifmultiaddr *ifma; \
 \
 	TAILQ_FOREACH(ifma, &((ifp)->if_multiaddrs), ifma_link) { \
 		if (ifma->ifma_addr->sa_family == AF_INET \