diff options
author | qingli <qingli@FreeBSD.org> | 2011-10-25 04:06:29 +0000 |
---|---|---|
committer | qingli <qingli@FreeBSD.org> | 2011-10-25 04:06:29 +0000 |
commit | e58daadb01cc4b5d7026b21f6b7b52f6becbae2b (patch) | |
tree | 11a13cc2448e8781c1435be2069b020c47e682ad | |
parent | 40cf9012a15ea5ea1f020f0afbb0c9012659549f (diff) | |
download | FreeBSD-src-e58daadb01cc4b5d7026b21f6b7b52f6becbae2b.zip FreeBSD-src-e58daadb01cc4b5d7026b21f6b7b52f6becbae2b.tar.gz |
Exclude host routes when checking for prefix coverage on multiple
interfaces. A host route has a NULL mask so check for that condition.
I have also been told by developers who customize the packet output
path with direct manipulation of the route entry (or the outgoing
interface to be specific). This patch checks for the route mask
explicitly to make sure custom code will not panic.
PR: kern/161805
MFC after: 3 days
-rw-r--r-- | sys/netinet/in.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/sys/netinet/in.c b/sys/netinet/in.c index bba364d..c91df4a 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1429,12 +1429,21 @@ in_lltable_rtcheck(struct ifnet *ifp, u_int flags, const struct sockaddr *l3addr * on one interface and the corresponding outgoing packet leaves * another interface. */ - if (rt->rt_ifp != ifp) { + if (!(rt->rt_flags & RTF_HOST) && rt->rt_ifp != ifp) { const char *sa, *mask, *addr, *lim; int len; - sa = (const char *)rt_key(rt); mask = (const char *)rt_mask(rt); + /* + * Just being extra cautious to avoid some custom + * code getting into trouble. + */ + if (mask == NULL) { + RTFREE_LOCKED(rt); + return (EINVAL); + } + + sa = (const char *)rt_key(rt); addr = (const char *)l3addr; len = ((const struct sockaddr_in *)l3addr)->sin_len; lim = addr + len; |