authorreyk <reyk@openbsd.org>2017-08-10 18:38:33 +0000
committerreyk <reyk@openbsd.org>2017-08-10 18:38:33 +0000
commit007a16ca7b62f42f1489e169ba0fa9d5c0518c3e (patch)
treee26c625b80452f0cab8c20a775c1f98fc8f99a1a
parentAdd a tls_config_set_ecdhecurves() function to libtls, which allows the (diff)
A missing break in vxlan_sockaddr_cmp() could eventually trick a
vxlan interface into accepting packets for the wrong destination (if the
sockaddr_in6 checks somehow match on sockaddr_in addresses).

Coverity CID 1452902; Severity: Moderate

OK mikeb@
-rw-r--r--sys/net/if_vxlan.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c
index ec28e4a9754..18a1dfb47bd 100644
--- a/sys/net/if_vxlan.c
+++ b/sys/net/if_vxlan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_vxlan.c,v 1.60 2017/05/04 15:00:24 bluhm Exp $ */
+/* $OpenBSD: if_vxlan.c,v 1.61 2017/08/10 18:38:33 reyk Exp $ */
/*
* Copyright (c) 2013 Reyk Floeter <reyk@openbsd.org>
@@ -538,6 +538,7 @@ vxlan_sockaddr_cmp(struct sockaddr *srcsa, struct sockaddr *dstsa)
dst4 = satosin(dstsa);
if (src4->sin_addr.s_addr == dst4->sin_addr.s_addr)
return (0);
+ break;
#ifdef INET6
case AF_INET6:
src6 = satosin6(srcsa);
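Review bot: The new `break;` at the end of the `case AF_INET:` arm carries no explanation, so a later cleanup could drop it again; a one-line comment above it such as `/* no match: must not fall through into the sockaddr_in6 comparison */` would record why it is there. Without it, a non-matching IPv4 pair continued into the `AF_INET6` arm and was read through `satosin6()` as `sockaddr_in6`, which is the mismatch the commit message describes. The visible comparisons cover only `sin_addr.s_addr` (and, in the IPv6 arm, the address plus `sin6_scope_id`), so a comment on the function should also state that 0 means "equal" and that ports are not compared here. The function starts before this hunk, so any earlier address-family check is not visible.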
@@ -545,6 +546,7 @@ vxlan_sockaddr_cmp(struct sockaddr *srcsa, struct sockaddr *dstsa)
if (IN6_ARE_ADDR_EQUAL(&src6->sin6_addr, &dst6->sin6_addr) &&
src6->sin6_scope_id == dst6->sin6_scope_id)
return (0);
+ break;
#endif /* INET6 */
}
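Review bot: The switch closes right after `#endif /* INET6 */` with no `default:` arm, so an address family other than the two handled (or `AF_INET6` in a kernel built without `INET6`) leaves the switch silently. Adding `default:` followed by `break;` with a comment like `/* unsupported family: never a match */` would make that path explicit and keep it from being mistaken for another missing case. The statement after the switch lies outside this hunk, so the result on that path is presumed to be the non-zero "no match" value and should be confirmed. Where the compiler supports it, building with `-Wimplicit-fallthrough` would flag this class of error at compile time instead of leaving it to a later Coverity scan.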