author | 2014-11-20 11:05:19 +0000 | |
---|---|---|
committer | 2014-11-20 11:05:19 +0000 | |
commit | 7e5860a99c6711cecfbf255f88bb15e43abe37ce (patch) | |
tree | da317cf883a9e0c4d88535deb5b65e90a9fd82ac /sys/netinet/tcp_input.c | |
parent | Fix previous. (diff) | |
In TCP and UDP layers do not (ab)use the receiving interface to check
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r-- | sys/netinet/tcp_input.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index cea9fc617b4..cd76159fe44 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_input.c,v 1.283 2014/11/18 02:37:31 tedu Exp $ */ +/* $OpenBSD: tcp_input.c,v 1.284 2014/11/20 11:05:19 mpi Exp $ */ /* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */ /* @@ -394,7 +394,6 @@ tcp_input(struct mbuf *m, ...) /* * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN - * See below for AF specific multicast. */ if (m->m_flags & (M_BCAST|M_MCAST)) goto drop; @@ -459,10 +458,6 @@ tcp_input(struct mbuf *m, ...) switch (af) { case AF_INET: ip = mtod(m, struct ip *); - if (IN_MULTICAST(ip->ip_dst.s_addr) || - in_broadcast(ip->ip_dst, m->m_pkthdr.rcvif, - m->m_pkthdr.ph_rtableid)) - goto drop; #ifdef TCP_ECN /* save ip_tos before clearing it for checksum */ iptos = ip->ip_tos; |
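Review bot: In the hunk at -394,7, the deleted comment line "See below for AF specific multicast." may still be needed. The diffstat's six deletions are fully accounted for by the RCS id, this comment line and the four-line AF_INET test, so no AF_INET6 code is removed by this patch. If an IPv6-specific multicast test still sits in the switch (af) further down, keep the pointer or reword it to name only the IPv6 case.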
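Review bot: In the AF_INET case of the hunk at -459,10, removing the IN_MULTICAST()/in_broadcast() test leaves the earlier m->m_flags & (M_BCAST|M_MCAST) check as the only guard visible here against broadcast and multicast destinations, and that guard is only as reliable as the code that sets the flags. The commit message says the IP input routines set them, but that change is outside this file's diff. Please confirm it covers every path into tcp_input() for which in_broadcast() was previously evaluated against rcvif and ph_rtableid, and consider a short comment at the m_flags check stating that it depends on IP input having set M_BCAST/M_MCAST.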