CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
netinet: Tighten checks for unspecified source addresses
author Mark Johnston <markj@FreeBSD.org>
Mon, 6 Mar 2023 20:06:00 +0000 (15:06 -0500)
committer Mark Johnston <markj@FreeBSD.org>
Mon, 6 Mar 2023 20:06:00 +0000 (15:06 -0500)
commit 713264f6b8bc5f927dd52cf8ffcccfa397034fec
tree 2ed07fa4071cafaac14b871685d54277c56ca62a
parent 1be25bdb730ff07355cd6f5cb087d58e506c5519
netinet: Tighten checks for unspecified source addresses

The assertions added in commit b0ccf53f2455 ("inpcb: Assert against
wildcard addrs in in_pcblookup_hash_locked()") revealed that protocol
layers may pass the unspecified address to in_pcblookup().

Add some checks to filter out such packets before we attempt an inpcb
lookup:
- Disallow the use of an unspecified source address in in_pcbladdr() and
  in6_pcbladdr().
- Disallow IP packets with an unspecified destination address.
- Disallow TCP packets with an unspecified source address, and add an
  assertion to verify the comment claiming that the case of an
  unspecified destination address is handled by the IP layer.

Reported by: syzbot+9ca890fb84e984e82df2@syzkaller.appspotmail.com
Reported by: syzbot+ae873c71d3c71d5f41cb@syzkaller.appspotmail.com
Reported by: syzbot+e3e689aba1d442905067@syzkaller.appspotmail.com
Reviewed by: glebius, melifaro
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D38570
sys/netinet/in_pcb.c
sys/netinet/ip_input.c
sys/netinet/tcp_input.c
sys/netinet6/in6_pcb.c
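
The two input-side checks listed in the commit message, sketched as a userland IPv4 filter. This is an added example, not code from the FreeBSD commit; check_ipv4(), make_hdr(), load_addr() and the verdict names are hypothetical, and the sample headers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PROTO_TCP 6   /* IANA protocol number for TCP */

enum verdict {
    PKT_PASS,            /* safe to hand to the connection lookup */
    PKT_MALFORMED,       /* too short or not IPv4 */
    PKT_DROP_DST_UNSPEC, /* IP layer: destination is 0.0.0.0 */
    PKT_DROP_SRC_UNSPEC  /* TCP layer: source is 0.0.0.0 */
};

/* Read a 32-bit address from the header without alignment assumptions. */
static uint32_t load_addr(const uint8_t *p)
{
    uint32_t a;
    memcpy(&a, p, sizeof(a));
    return a;   /* 0.0.0.0 is zero in any byte order */
}

/* Hypothetical filter: classify a raw IPv4 packet before any lookup. */
enum verdict check_ipv4(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PKT_MALFORMED;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return PKT_MALFORMED;

    /* IP-layer check: applies to every upper-layer protocol. */
    if (load_addr(pkt + 16) == 0)
        return PKT_DROP_DST_UNSPEC;

    /* TCP-layer check: a lookup must not be keyed on a wildcard source. */
    if (pkt[9] == PROTO_TCP && load_addr(pkt + 12) == 0)
        return PKT_DROP_SRC_UNSPEC;

    return PKT_PASS;
}

/* Constructed sample header: version 4, IHL 5, given protocol and addresses. */
void make_hdr(uint8_t h[20], uint8_t proto,
              const uint8_t src[4], const uint8_t dst[4])
{
    memset(h, 0, 20);
    h[0] = 0x45;
    h[9] = proto;
    memcpy(h + 12, src, 4);
    memcpy(h + 16, dst, 4);
}
```

The source check here is applied only to TCP, matching the commit message's wording; a UDP packet from 0.0.0.0 passes this sketch.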