diff options
author | olah <olah@FreeBSD.org> | 1995-08-17 22:09:14 +0000 |
---|---|---|
committer | olah <olah@FreeBSD.org> | 1995-08-17 22:09:14 +0000 |
commit | a34f5ed30597f1512b1b381c5d5898f10b9db88e (patch) | |
tree | fe10dbdacde677072b5ab8582ff69e00c0c61c16 | |
parent | bd043c4e293793d8906b021292261f0303e458b7 (diff) | |
download | FreeBSD-src-a34f5ed30597f1512b1b381c5d5898f10b9db88e.zip FreeBSD-src-a34f5ed30597f1512b1b381c5d5898f10b9db88e.tar.gz |
Add a sanity check for the UDP length field in order to prevent
malformed UDP packets to panic the kernel.
Reviewed by: davidg, wollman
Obtained from: dab@berserkly.cray.com (David A. Borman) via end2end list
-rw-r--r-- | sys/netinet/udp_usrreq.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 7e13103..3ed0a02 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)udp_usrreq.c 8.4 (Berkeley) 1/21/94 - * $Id: udp_usrreq.c,v 1.11 1995/05/09 13:35:48 davidg Exp $ + * $Id: udp_usrreq.c,v 1.12 1995/05/30 08:10:02 rgrimes Exp $ */ #include <sys/param.h> @@ -137,7 +137,7 @@ udp_input(m, iphlen) */ len = ntohs((u_short)uh->uh_ulen); if (ip->ip_len != len) { - if (len > ip->ip_len) { + if (len > ip->ip_len || len < sizeof(struct udphdr)) { udpstat.udps_badlen++; goto bad; } |