authorguenther <guenther@openbsd.org>2009-11-20 09:02:21 +0000
committerguenther <guenther@openbsd.org>2009-11-20 09:02:21 +0000
commit53f194990c8936ee1f4c0fffb4ebc3416f4f4e89 (patch)
tree1628ebd2fe57c02295499a73fd65346a2051c9b2 /sys/netinet/ip_output.c
parentDisplay UTF-8 properly in status line messages and prompt. Cursor handling is (diff)
NULL dereference in IPV6_PORTRANGE and IP_IPSEC_*, found by Clement LECIGNE,
localhost DoS everywhere. To help minimize further issues, make the mbuf != NULL test explicit instead of implicit in a length test. Suggestions and initial work by mpf@ and miod@ ok henning@, mpf@, claudio@,
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r--sys/netinet/ip_output.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 86bed4973df..e091d4d1518 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.198 2009/11/13 14:14:56 claudio Exp $ */
+/* $OpenBSD: ip_output.c,v 1.199 2009/11/20 09:02:21 guenther Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -1274,7 +1274,7 @@ ip_ctloutput(op, so, level, optname, mp)
#ifndef IPSEC
error = EOPNOTSUPP;
#else
- if (m->m_len < 2) {
+ if (m == NULL || m->m_len < 2) {
error = EINVAL;
break;
}
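Review bot: The new `m == NULL` guard in the IPsec-level branch of ip_ctloutput has no comment saying when the option mbuf can be NULL, so a later case added to this switch could repeat the same dereference. I would put `/* m is NULL when the caller passed no option value */` above the test; that this is the zero-length setsockopt path is an assumption to confirm against the socket layer. The bare `2` in the length test is also unexplained, and the read it protects lies outside the hunk, so a short comment naming what is read from the mbuf would help. Only this one case is visible here; the other cases in this function that dereference `m` are outside the hunk and should be checked for the same explicit test.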