Restrict protocol numbers for raw sockets to the range from 0 to 255.

OK deraadt@ guenther@
author: bluhm <bluhm@openbsd.org> 2013-03-30 12:15:29 +0000
committer: bluhm <bluhm@openbsd.org> 2013-03-30 12:15:29 +0000
commit: d233dfd4c3f424cccae0b75bca6daef1b899f658 (patch)
tree: b633d0fa3636cd4e2f7edacbb6cb072ce2acfbbf /sys/netinet6
parent: Use --stderr to output pod2man problems at build time, rather than embed (diff)
download: wireguard-openbsd-d233dfd4c3f424cccae0b75bca6daef1b899f658.tar.xz
wireguard-openbsd-d233dfd4c3f424cccae0b75bca6daef1b899f658.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 0a2559a6d69..531efd0cece 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: raw_ip6.c,v 1.49 2013/03/28 16:45:16 tedu Exp $	*/
+/*	$OpenBSD: raw_ip6.c,v 1.50 2013/03/30 12:15:29 bluhm Exp $	*/
 /*	$KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $	*/
 
 /*
@@ -613,6 +613,10 @@ rip6_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
 			error = EACCES;
 			break;
 		}
+		if ((long)nam < 0 || (long)nam >= IPPROTO_MAX) {
+			error = EPROTONOSUPPORT;
+			break;
+		}
 		s = splsoftnet();
 		if ((error = soreserve(so, rip6_sendspace, rip6_recvspace)) != 0) {
 			splx(s);
author	bluhm <bluhm@openbsd.org>	2013-03-30 12:15:29 +0000
committer	bluhm <bluhm@openbsd.org>	2013-03-30 12:15:29 +0000
commit	d233dfd4c3f424cccae0b75bca6daef1b899f658 (patch)
tree	b633d0fa3636cd4e2f7edacbb6cb072ce2acfbbf /sys/netinet6
parent	Use --stderr to output pod2man problems at build time, rather than embed (diff)
download	wireguard-openbsd-d233dfd4c3f424cccae0b75bca6daef1b899f658.tar.xz wireguard-openbsd-d233dfd4c3f424cccae0b75bca6daef1b899f658.zip