author | rwatson <rwatson@FreeBSD.org> | 2007-11-20 18:35:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-11-20 18:35:57 +0000 |
commit | 261a3b571debe7c65897926607e60df262479274 (patch) | |
tree | cfdb9e50487cf4238ff9d2f64b69f9db03e3c976 /sys/netatalk | |
parent | e13e970d0427f032ae4e448beeb85d141fd94769 (diff) | |
Add additional robustness to at_aarpinput() by testing for broadcast
addresses as the source of an AARP request. While this PR was submitted
in the context of work in OpenBSD to port netatalk (in 1997), I've
synchronized the code more to our ARP input routine, which had similar
requirements.
Submitted by: Denton Gentry
PR: kern/4184
MFC after: 1 week
Diffstat (limited to 'sys/netatalk')
-rw-r--r-- | sys/netatalk/aarp.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/netatalk/aarp.c b/sys/netatalk/aarp.c index f85adfe..c13d610 100644 --- a/sys/netatalk/aarp.c +++ b/sys/netatalk/aarp.c @@ -354,6 +354,13 @@ at_aarpinput(struct ifnet *ifp, struct mbuf *m) return; } + /* Don't accept requests from broadcast address. */ + if (!bcmp(ea->aarp_sha, ifp->if_broadcastaddr, ifp->if_addrlen)) { + log(LOG_ERR, "aarp: source link address is broadcast\n"); + m_freem(m); + return; + } + op = ntohs(ea->aarp_op); bcopy(ea->aarp_tpnet, &net, sizeof(net)); |
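Review bot: the log(LOG_ERR, "aarp: source link address is broadcast\n") call in the new check is unconditional, so every received frame whose aarp_sha matches ifp->if_broadcastaddr produces one LOG_ERR line, and any sender on the link can fill the system log at packet rate. Consider rate limiting the message or counting the drops in a statistic instead, and include the interface name so the operator can tell which link the frames arrived on. A second point on the same block: the comment says "requests", but the test sits before op = ntohs(ea->aarp_op) is read, so it drops every AARP operation with a broadcast source hardware address, not only requests. That behaviour looks right, but the comment should say "packets" so it matches what the code does. It is also worth confirming that ifp->if_addrlen can never exceed the size of the aarp_sha field on interfaces that reach at_aarpinput(), since that value is used as the bcmp() length.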