author | ru <ru@FreeBSD.org> | 2001-12-05 18:13:34 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-12-05 18:13:34 +0000 |
commit | 3dd3844f572262d06d9cbefeb69bd8cd183f8e88 (patch) | |
tree | a12599e974e2226a762c58d1e4741dd09844b280 /sys/netinet/if_ether.c | |
parent | 17ba4e897e9bc4aab6b1d2c9f455a1f191f55561 (diff) | |
Fixed remotely exploitable DoS in arpresolve().
Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).
MFC after: 0 days
Diffstat (limited to 'sys/netinet/if_ether.c')
-rw-r--r-- | sys/netinet/if_ether.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index b4f5f08..e79fb3d 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -436,8 +436,10 @@ arpresolve(ifp, rt, m, dst, desten, rt0) * Probably should not allocate empty llinfo struct if we are * not going to be sending out an arp request. */ - if (ifp->if_flags & IFF_NOARP) + if (ifp->if_flags & IFF_NOARP) { + m_freem(m); return (0); + } /* * There is an arptab entry, but no ethernet address * response yet. Replace the held mbuf with this |
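Review bot: The new m_freem(m) in the IFF_NOARP branch of arpresolve() has no comment explaining why the mbuf is released here, so the ownership rule this fix relies on (a return (0) path must either hold m or free it) stays implicit. Suggest a one-line comment above m_freem(m) stating that the packet is dropped because no ARP request will be sent on this interface and that the function is responsible for freeing it. The existing comment just above already says the empty llinfo struct probably should not be allocated in this case, so it is also worth checking whether the IFF_NOARP test can move ahead of that allocation. The visible context does not show whether any other return (0) path in the function returns without holding or freeing m, so that should be confirmed as part of this change.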