Improve patch for SA-15:04.igmp to solve a potential buffer overflow.

Fix multiple vulnerabilities of ntp. [SA-15:07] Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
author: delphij <delphij@FreeBSD.org> 2015-04-07 20:20:24 +0000
committer: delphij <delphij@FreeBSD.org> 2015-04-07 20:20:24 +0000
commit: e5ee1c2b414851b17663cb491e2f2317a0af9bda (patch)
tree: 0fb07d612e2cdc3639727807b31799e6a7842bd4 /sys/netinet6
parent: 788993fc41f2549c7ca282a9e1bc3ca4dd88596e (diff)
download: FreeBSD-src-e5ee1c2b414851b17663cb491e2f2317a0af9bda.zip
FreeBSD-src-e5ee1c2b414851b17663cb491e2f2317a0af9bda.tar.gz
1 files changed, 10 insertions, 2 deletions
diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 0c8b587..8588a6b 100644
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -296,8 +296,16 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len)
 	}
 	if (nd_ra->nd_ra_retransmit)
 		ndi->retrans = ntohl(nd_ra->nd_ra_retransmit);
-	if (nd_ra->nd_ra_curhoplimit)
-		ndi->chlim = nd_ra->nd_ra_curhoplimit;
+	if (nd_ra->nd_ra_curhoplimit) {
+		if (ndi->chlim < nd_ra->nd_ra_curhoplimit)
+			ndi->chlim = nd_ra->nd_ra_curhoplimit;
+		else if (ndi->chlim != nd_ra->nd_ra_curhoplimit) {
+			log(LOG_ERR, "RA with a lower CurHopLimit sent from "
+			    "%s on %s (current = %d, received = %d). "
+			    "Ignored.\n", ip6_sprintf(ip6bufs, &ip6->ip6_src),
+			    if_name(ifp), ndi->chlim, nd_ra->nd_ra_curhoplimit);
+		}
+	}
 	dr = defrtrlist_update(&dr0);
     }
author	delphij <delphij@FreeBSD.org>	2015-04-07 20:20:24 +0000
committer	delphij <delphij@FreeBSD.org>	2015-04-07 20:20:24 +0000
commit	e5ee1c2b414851b17663cb491e2f2317a0af9bda (patch)
tree	0fb07d612e2cdc3639727807b31799e6a7842bd4 /sys/netinet6
parent	788993fc41f2549c7ca282a9e1bc3ca4dd88596e (diff)
download	FreeBSD-src-e5ee1c2b414851b17663cb491e2f2317a0af9bda.zip FreeBSD-src-e5ee1c2b414851b17663cb491e2f2317a0af9bda.tar.gz