diff options
author | tuexen <tuexen@FreeBSD.org> | 2011-09-15 08:49:54 +0000 |
---|---|---|
committer | tuexen <tuexen@FreeBSD.org> | 2011-09-15 08:49:54 +0000 |
commit | 15bb2c985fb8541737d6056f0a21406876105b0b (patch) | |
tree | 52e8a7176078388d0c66be4bfdd23e13693538d6 /sys/netinet/sctp_asconf.c | |
parent | f23b1f625d09ffd3a8da3c62c0b6305e9c42119d (diff) | |
download | FreeBSD-src-15bb2c985fb8541737d6056f0a21406876105b0b.zip FreeBSD-src-15bb2c985fb8541737d6056f0a21406876105b0b.tar.gz |
Make sure that SCTP rejects broadcast, multicast and wildcard addresses
as remote addresses.
Approved by: re
MFC after: 1 month.
Diffstat (limited to 'sys/netinet/sctp_asconf.c')
-rw-r--r-- | sys/netinet/sctp_asconf.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/sys/netinet/sctp_asconf.c b/sys/netinet/sctp_asconf.c index 69f9cf1..46d160c 100644 --- a/sys/netinet/sctp_asconf.c +++ b/sys/netinet/sctp_asconf.c @@ -207,6 +207,7 @@ sctp_process_asconf_add_ip(struct mbuf *m, struct sctp_asconf_paramhdr *aph, uint16_t param_type, param_length, aparam_length; struct sockaddr *sa; int zero_address = 0; + int bad_address = 0; #ifdef INET struct sockaddr_in *sin; @@ -239,6 +240,10 @@ sctp_process_asconf_add_ip(struct mbuf *m, struct sctp_asconf_paramhdr *aph, sin->sin_len = sizeof(struct sockaddr_in); sin->sin_port = stcb->rport; sin->sin_addr.s_addr = v4addr->addr; + if ((sin->sin_addr.s_addr == INADDR_BROADCAST) || + IN_MULTICAST(ntohl(sin->sin_addr.s_addr))) { + bad_address = 1;; + } if (sin->sin_addr.s_addr == INADDR_ANY) zero_address = 1; SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); @@ -259,6 +264,9 @@ sctp_process_asconf_add_ip(struct mbuf *m, struct sctp_asconf_paramhdr *aph, sin6->sin6_port = stcb->rport; memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr, sizeof(struct in6_addr)); + if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { + bad_address = 1; + } if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) zero_address = 1; SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: adding "); @@ -266,12 +274,8 @@ sctp_process_asconf_add_ip(struct mbuf *m, struct sctp_asconf_paramhdr *aph, break; #endif default: - /* - * XXX: Is this the correct error cause? Maybe - * SCTP_CAUSE_INVALID_PARAM is a better choice. - */ m_reply = sctp_asconf_error_response(aph->correlation_id, - SCTP_CAUSE_UNRESOLVABLE_ADDR, (uint8_t *) aph, + SCTP_CAUSE_INVALID_PARAM, (uint8_t *) aph, aparam_length); return m_reply; } /* end switch */ @@ -285,7 +289,11 @@ sctp_process_asconf_add_ip(struct mbuf *m, struct sctp_asconf_paramhdr *aph, SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, sa); } /* add the address */ - if (sctp_add_remote_addr(stcb, sa, &net, SCTP_DONOT_SETSCOPE, + if (bad_address) { + m_reply = sctp_asconf_error_response(aph->correlation_id, + SCTP_CAUSE_INVALID_PARAM, (uint8_t *) aph, + aparam_length); + } else if (sctp_add_remote_addr(stcb, sa, &net, SCTP_DONOT_SETSCOPE, SCTP_ADDR_DYNAMIC_ADDED) != 0) { SCTPDBG(SCTP_DEBUG_ASCONF1, "process_asconf_add_ip: error adding address\n"); |