diff options
author | ru <ru@FreeBSD.org> | 2001-07-17 10:30:21 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2001-07-17 10:30:21 +0000 |
commit | 1a2a5935ee2d66e788d658677b29a8428581d6f5 (patch) | |
tree | 64917be7867040f75a0f3deb15fa087cf19b165e /sys/netinet/in_var.h | |
parent | cd85c941a3ba78a262003bdfeab59e83c3f5b6b0 (diff) | |
download | FreeBSD-src-1a2a5935ee2d66e788d658677b29a8428581d6f5.zip FreeBSD-src-1a2a5935ee2d66e788d658677b29a8428581d6f5.tar.gz |
Backout damage to the INADDR_TO_IFP() macro in revision 1.7.
This macro was supposed to only match local IP addresses of
interfaces, and all consumers of this macro assume this as
well. (See IP_MULTICAST_IF and IP_ADD_MEMBERSHIP socket
options in the ip(4) manpage.)
This fixes a major security breach in IPFW-based firewalls
where the `me' keyword would match the other end of a P2P
link.
PR: kern/28567
Diffstat (limited to 'sys/netinet/in_var.h')
-rw-r--r-- | sys/netinet/in_var.h | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index f5c1464..e603cee 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -94,18 +94,11 @@ extern u_char inetctlerrmap[]; /* struct in_addr addr; */ \ /* struct ifnet *ifp; */ \ { \ - register struct in_ifaddr *ia; \ + struct in_ifaddr *ia; \ \ - for (ia = TAILQ_FIRST(&in_ifaddrhead); \ - ia != NULL && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \ - IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \ - ia = TAILQ_NEXT(ia, ia_link)) \ - continue; \ - if (ia == NULL) \ - TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) \ - if (ia->ia_ifp->if_flags & IFF_POINTOPOINT && \ - IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \ - break; \ + TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) \ + if (IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \ + break; \ (ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \ } @@ -180,7 +173,7 @@ struct in_multistep { /* struct ifnet *ifp; */ \ /* struct in_multi *inm; */ \ do { \ - register struct ifmultiaddr *ifma; \ + struct ifmultiaddr *ifma; \ \ TAILQ_FOREACH(ifma, &((ifp)->if_multiaddrs), ifma_link) { \ if (ifma->ifma_addr->sa_family == AF_INET \ |