Import v3.4.8 into -current

1 files changed, 35 insertions, 5 deletions

diff --git a/contrib/ipfilter/ip_fil.c b/contrib/ipfilter/ip_fil.c
index 9216b3c..fe6af66 100644
--- a/contrib/ipfilter/ip_fil.c
+++ b/contrib/ipfilter/ip_fil.c
@@ -7,7 +7,7 @@
  */
 #if !defined(lint)
 static const char sccsid[] = "@(#)ip_fil.c	2.41 6/5/96 (C) 1993-2000 Darren Reed";
-static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.9 2000/05/22 12:48:28 darrenr Exp $";
+static const char rcsid[] = "@(#)$Id: ip_fil.c,v 2.42.2.14 2000/07/18 13:57:55 darrenr Exp $";
 #endif
 
 #ifndef	SOLARIS
@@ -692,6 +692,10 @@ caddr_t data;
 	if (error)
 		return EFAULT;
 	fp->fr_ref = 0;
+#if (BSD >= 199306) && defined(_KERNEL)
+	if ((securelevel > 0) && (fp->fr_func != NULL))
+		return EPERM;
+#endif
 
 	/*
 	 * Check that the group number does exist and that if a head group
@@ -764,7 +768,7 @@ caddr_t data;
 	 * interface pointer in the comparison (fr_next, fr_ifa).
 	 */
 	for (fp->fr_cksum = 0, p = (u_int *)&fp->fr_ip, pp = &fp->fr_cksum;
-	     p != pp; p++)
+	     p < pp; p++)
 		fp->fr_cksum += *p;
 
 	for (; (f = *ftail); ftail = &f->fr_next)
@@ -1088,6 +1092,19 @@ int dst;
 	m = NULL;
 	ifp = fin->fin_ifp;
 	if (fin->fin_v == 4) {
+		if ((oip->ip_p == IPPROTO_ICMP) &&
+		    !(fin->fin_fi.fi_fl & FI_SHORT))
+			switch (ntohs(fin->fin_data[0]) >> 8)
+			{
+			case ICMP_ECHO :
+			case ICMP_TSTAMP :
+			case ICMP_IREQ :
+			case ICMP_MASKREQ :
+				break;
+			default :
+				return 0;
+			}
+
 # if	(BSD < 199306) || defined(__sgi)
 		avail = MLEN;
 		m = m_get(M_DONTWAIT, MT_HEADER);
@@ -1325,10 +1342,9 @@ frdest_t *fdp;
 			ATOMIC_INCL(frstats[1].fr_acct);
 		}
 		fin->fin_fr = NULL;
-		if (!fr || !(fr->fr_flags & FR_RETMASK)) {
+		if (!fr || !(fr->fr_flags & FR_RETMASK))
 			(void) fr_checkstate(ip, fin);
-			(void) ip_natout(ip, fin);
-		}
+		(void) ip_natout(ip, fin);
 	} else
 		ip->ip_sum = 0;
 	/*
@@ -1585,15 +1601,29 @@ int v;
 
 	if (!ifneta) {
 		ifneta = (struct ifnet **)malloc(sizeof(ifp) * 2);
+		if (!ifneta)
+			return NULL;
 		ifneta[1] = NULL;
 		ifneta[0] = (struct ifnet *)calloc(1, sizeof(*ifp));
+		if (!ifneta[0]) {
+			free(ifneta);
+			return NULL;
+		}
 		nifs = 1;
 	} else {
 		nifs++;
 		ifneta = (struct ifnet **)realloc(ifneta,
 						  (nifs + 1) * sizeof(*ifa));
+		if (!ifneta) {
+			nifs = 0;
+			return NULL;
+		}
 		ifneta[nifs] = NULL;
 		ifneta[nifs - 1] = (struct ifnet *)malloc(sizeof(*ifp));
+		if (!ifneta[nifs - 1]) {
+			nifs--;
+			return NULL;
+		}
 	}
 	ifp = ifneta[nifs - 1];