diff options
author | fenner <fenner@FreeBSD.org> | 1996-10-25 17:57:53 +0000 |
---|---|---|
committer | fenner <fenner@FreeBSD.org> | 1996-10-25 17:57:53 +0000 |
commit | aa424264765815c0b549bb0ef4fb82799a34c350 (patch) | |
tree | 3befa5b07bb47bd5b8369c3bd655d60f74ea009c /sys/netinet/raw_ip.c | |
parent | ccd3ba3727691f91198db0cc85afabfd9e88a1ea (diff) | |
download | FreeBSD-src-aa424264765815c0b549bb0ef4fb82799a34c350.zip FreeBSD-src-aa424264765815c0b549bb0ef4fb82799a34c350.tar.gz |
Don't allow reassembly to create packets bigger than IP_MAXPACKET, and count
attempts to do so.
Don't allow users to source packets bigger than IP_MAXPACKET.
Make UDP length and ipovly's protocol length unsigned short.
Reviewed by: wollman
Submitted by: (partly by) kml@nas.nasa.gov (Kevin Lahey)
Diffstat (limited to 'sys/netinet/raw_ip.c')
-rw-r--r-- | sys/netinet/raw_ip.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index f55f7b4..21ef2f9 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)raw_ip.c 8.7 (Berkeley) 5/15/95 - * $Id: raw_ip.c,v 1.35 1996/08/27 20:52:27 sos Exp $ + * $Id: raw_ip.c,v 1.36 1996/10/07 19:21:46 wollman Exp $ */ #include <sys/param.h> @@ -165,6 +165,10 @@ rip_output(m, so, dst) * Otherwise, allocate an mbuf for a header and fill it in. */ if ((inp->inp_flags & INP_HDRINCL) == 0) { + if (m->m_pkthdr.len + sizeof(struct ip) > IP_MAXPACKET) { + m_freem(m); + return(EMSGSIZE); + } M_PREPEND(m, sizeof(struct ip), M_WAIT); ip = mtod(m, struct ip *); ip->ip_tos = 0; @@ -175,6 +179,10 @@ rip_output(m, so, dst) ip->ip_dst.s_addr = dst; ip->ip_ttl = MAXTTL; } else { + if (m->m_pkthdr.len > IP_MAXPACKET) { + m_freem(m); + return(EMSGSIZE); + } ip = mtod(m, struct ip *); /* don't allow both user specified and setsockopt options, and don't allow packet length sizes that will crash */ |