From 3481adf42661106c54c4196cd4bc91c2e240323a Mon Sep 17 00:00:00 2001 From: truckman Date: Sat, 10 Jan 2004 08:53:00 +0000 Subject: Check that sa_len is the appropriate value in tcp_usr_bind(), tcp6_usr_bind(), tcp_usr_connect(), and tcp6_usr_connect() before checking to see whether the address is multicast so that the proper errno value will be returned if sa_len is incorrect. The checks are identical to the ones in in_pcbbind_setup(), in6_pcbbind(), and in6_pcbladdr(), which are called after the multicast address check passes. MFC after: 30 days --- sys/netinet/tcp_usrreq.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 3d161ab..212ccd2 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -244,6 +244,8 @@ tcp_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) * to them. */ sinp = (struct sockaddr_in *)nam; + if (nam->sa_len != sizeof (*sinp)) + return (EINVAL); if (sinp->sin_family == AF_INET && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) { error = EAFNOSUPPORT; @@ -273,6 +275,8 @@ tcp6_usr_bind(struct socket *so, struct sockaddr *nam, struct thread *td) * to them. */ sin6p = (struct sockaddr_in6 *)nam; + if (nam->sa_len != sizeof (*sin6p)) + return (EINVAL); if (sin6p->sin6_family == AF_INET6 && IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) { error = EAFNOSUPPORT; @@ -366,6 +370,8 @@ tcp_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) * Must disallow TCP ``connections'' to multicast addresses. */ sinp = (struct sockaddr_in *)nam; + if (nam->sa_len != sizeof (*sinp)) + return (EINVAL); if (sinp->sin_family == AF_INET && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) { error = EAFNOSUPPORT; @@ -398,6 +404,8 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *nam, struct thread *td) * Must disallow TCP ``connections'' to multicast addresses. */ sin6p = (struct sockaddr_in6 *)nam; + if (nam->sa_len != sizeof (*sin6p)) + return (EINVAL); if (sin6p->sin6_family == AF_INET6 && IN6_IS_ADDR_MULTICAST(&sin6p->sin6_addr)) { error = EAFNOSUPPORT; -- cgit v1.1