authortobias <tobias@openbsd.org>2014-07-26 07:48:49 +0000
committertobias <tobias@openbsd.org>2014-07-26 07:48:49 +0000
commit5066e155bae5caa6d2105fcce546025d9aa9c266 (patch)
tree6dc02dfba3bbc77851b97dc5c5caf92f8fe47bde
parentDifferentiate servers by address and port, not just by address. (diff)
Fix a very hard to reach DoS attack vector, which would involve more than
8 billion network packets. A mixture of very many malformed and proper packets could result in a division by zero. ok krw@
-rw-r--r--usr.sbin/dhcpd/packet.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.sbin/dhcpd/packet.c b/usr.sbin/dhcpd/packet.c
index 30efac86779..24520fce8ec 100644
--- a/usr.sbin/dhcpd/packet.c
+++ b/usr.sbin/dhcpd/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.6 2013/12/05 21:03:40 krw Exp $ */
+/* $OpenBSD: packet.c,v 1.7 2014/07/26 07:48:49 tobias Exp $ */
/* Packet assembly code, originally contributed by Archie Cobbs. */
@@ -180,7 +180,7 @@ decode_udp_ip_header(struct interface_info *interface, unsigned char *buf,
ip_packets_seen++;
if (wrapsum(checksum(buf + bufix, ip_len, 0)) != 0) {
ip_packets_bad_checksum++;
- if (ip_packets_seen > 4 &&
+ if (ip_packets_seen > 4 && ip_packets_bad_checksum != 0 &&
(ip_packets_seen / ip_packets_bad_checksum) < 2) {
note("%d bad IP checksums seen in %d packets",
ip_packets_bad_checksum, ip_packets_seen);
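Review bot: The added `ip_packets_bad_checksum != 0` test stops the division trap but leaves the cause in place: both counters are incremented once per packet received from the network and, as far as this hunk shows, nothing bounds them, so after a wrap the ratio compares unrelated values and the warning fires or stays silent arbitrarily. The `%d` in the `note()` call suggests the counters are plain `int` (their declarations are outside the hunk); if so, the increment past `INT_MAX` is itself undefined behaviour. A division-free form such as `ip_packets_bad_checksum > ip_packets_seen - ip_packets_bad_checksum` expresses the same "more than half bad" test without a divisor, and halving or resetting both counters once `ip_packets_seen` reaches a fixed cap would keep them from wrapping. The same applies to the `udp_packets_length_overflow` and `udp_packets_bad_checksum` hunks below; the body of decode_udp_ip_header starts and ends outside all three.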
@@ -206,6 +206,7 @@ decode_udp_ip_header(struct interface_info *interface, unsigned char *buf,
if ((len < 0) || (len + data > buf + bufix + buflen)) {
udp_packets_length_overflow++;
if (udp_packets_length_checked > 4 &&
+ udp_packets_length_overflow != 0 &&
(udp_packets_length_checked /
udp_packets_length_overflow) < 2) {
note("%d udp packets in %d too long - dropped",
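Review bot: The bounds test on the unchanged context line `len + data > buf + bufix + buflen` forms the pointer `len + data` before it is known to lie inside the buffer, and `len` appears to come from the packet's UDP length field (its computation is outside the hunk). Computing a pointer past the end of the object is undefined, so the compiler is allowed to assume the comparison cannot wrap. Comparing lengths instead, for example `len > (buf + bufix + buflen) - data`, keeps the check in integer arithmetic, assuming `data` points into `buf`, which should be confirmed against the part of decode_udp_ip_header not shown here.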
@@ -230,7 +231,7 @@ decode_udp_ip_header(struct interface_info *interface, unsigned char *buf,
udp_packets_seen++;
if (usum && usum != sum) {
udp_packets_bad_checksum++;
- if (udp_packets_seen > 4 &&
+ if (udp_packets_seen > 4 && udp_packets_bad_checksum != 0 &&
(udp_packets_seen / udp_packets_bad_checksum) < 2) {
note("%d bad udp checksums in %d packets",
udp_packets_bad_checksum, udp_packets_seen);