summaryrefslogtreecommitdiffstats
path: root/sys/netinet/tcp_input.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/netinet/tcp_input.c')
-rw-r--r--sys/netinet/tcp_input.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index f4195de21a1..81362ad1b37 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.54 1999/12/15 16:37:20 provos Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.55 1999/12/21 15:41:07 itojun Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -489,6 +489,13 @@ tcp_input(m, va_alist)
ti = NULL;
ipv6 = mtod(m, struct ip6_hdr *);
+ /* Be proactive about malicious use of IPv4 mapped address */
+ if (IN6_IS_ADDR_V4MAPPED(&ipv6->ip6_src) ||
+ IN6_IS_ADDR_V4MAPPED(&ipv6->ip6_dst)) {
+ /* XXX stat */
+ goto drop;
+ }
+
if (in6_cksum(m, IPPROTO_TCP, sizeof(struct ip6_hdr), tlen)) {
tcpstat.tcps_rcvbadsum++;
goto drop;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.