From nobody Sat Mar 25 16:05:03 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PkP6l525Lz41MhJ; Sat, 25 Mar 2023 16:05:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PkP6l4YYlz4DGq; Sat, 25 Mar 2023 16:05:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679760303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PUffXG+B3vEP1gPpx0tgr1v2NCvdtdQ06RxgYufuuyc=; b=GJ85LRjFO+yp5IR/6qY503IN+KmhDRoDCgwe/56Qi83GGhVrfe3OUEyp3UVShu/ghD+8e1 MuydbDhB1vs3UZzi8QIjTegWsS3CheevVzq7E0VVPDGcQ7+Cxd+yjrogv9Z1SH2jFJNKoW XbCQPerQWS0E4dMog7q6eYV/GPmNeuiitmkhLeNETh26AAmbpfxrpuwjCW81z24y2vAWT+ tMBr7JnvWnxuNmBVQhXw2+yWm88zoKBhYwy+z6g0Gs+Z6hbJkDcsRoVWwYnfx5mCc5Sz1p F/3lBnmiSSQ198gYKmbYrM4JDhbrd25JQw8e1l/yNBCxnXjonl6Lfnj4PsAoFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1679760303; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=PUffXG+B3vEP1gPpx0tgr1v2NCvdtdQ06RxgYufuuyc=; b=lWXGj7v2fnbGN871C1LGMcwsauHGSSXMB7Fiyrje6Uz9hh5ezlnWzxUf6xl0jNd8hZHGSt shdi1R7zPUhQwHhkYtvUm11ro02d+kBmnMQwh1Wc0DJ0PD305NV+mJd5rS2clqBImGYQVQ 48JbczqzSFhdsMt7id8Kiz80fv43klBOmc9GIPgZkBIbKt6ja83z8a6dbeLiwkMwc4VODA edvuWf5YrmBHJMIEDrlikh76FCJ+SdkWnLnONk7g9Cs4DK7TKQlyd9e6L53E97iluCsOQJ JHbH+N8jM29JU6+r6oJHh8TYAFFk+7MQANpY9hLzLdGsI4zG+r6qm2U0/YvI/w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1679760303; a=rsa-sha256; cv=none; b=mkql6YKhftBtBQ20MqdqdEIDovVQBoIa0Hds1G9mTVptDylJFotarcoKSyKsdicV5bQv1A yhtTzAn94O6qFqKhHifWPqxPza+b4qY7LFIrLnd/ovVTG+wVdFrV75UMYeCgiAMr0KNrpl PRSr1dxbUf+liiYEIh//g6mPz22Hb9T4epd8Tpjv12/HXaooJoND44R67GRGkZ7iko9qqI cMHTAGeuils1ERfvyzsje+aN/jUhebaJE1SVluI6luCwQx3y00lJK42Jrm0fnme9gFBy4f GTKllta+NyIrt4m5TExllxJQECO+VoMFrE7/I3Nz45DiqhtFMFJ1GmBLzkFgmw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PkP6l3bHvz15Fd; Sat, 25 Mar 2023 16:05:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 32PG53H3079702; Sat, 25 Mar 2023 16:05:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 32PG53Gj079701; Sat, 25 Mar 2023 16:05:03 GMT (envelope-from git) Date: Sat, 25 Mar 2023 16:05:03 GMT Message-Id: <202303251605.32PG53Gj079701@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Andrew Gallatin Subject: git: abba58766fdd - main - LRO: Add missing checks for invalid IP addresses List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: gallatin X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: abba58766fdd7f9720761aba39c2b9653eb4fbd3 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by gallatin: URL: https://cgit.FreeBSD.org/src/commit/?id=abba58766fdd7f9720761aba39c2b9653eb4fbd3 commit abba58766fdd7f9720761aba39c2b9653eb4fbd3 Author: Andrew Gallatin AuthorDate: 2023-03-25 15:51:51 +0000 Commit: Andrew Gallatin CommitDate: 2023-03-25 15:56:02 +0000 LRO: Add missing checks for invalid IP addresses LRO bypasses normal ip_input()/tcp_input() and lacks several checks that are present in the normal path. Without these checks, it is possible to trigger assertions added in b0ccf53f2455 Reviewed by: glebius, rrs Sponsored by: Netflix --- sys/netinet/tcp_lro.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/netinet/tcp_lro.c b/sys/netinet/tcp_lro.c index bde8fadbc05b..908f9cdd7ea4 100644 --- a/sys/netinet/tcp_lro.c +++ b/sys/netinet/tcp_lro.c @@ -292,6 +292,10 @@ tcp_lro_low_level_parser(void *ptr, struct lro_parser *parser, bool update_data, /* .. and the packet is not fragmented. */ if (parser->ip4->ip_off & htons(IP_MF|IP_OFFMASK)) break; + /* .. and the packet has valid src/dst addrs */ + if (__predict_false(parser->ip4->ip_src.s_addr == INADDR_ANY || + parser->ip4->ip_dst.s_addr == INADDR_ANY)) + break; ptr = (uint8_t *)ptr + (parser->ip4->ip_hl << 2); mlen -= sizeof(struct ip); if (update_data) { @@ -339,6 +343,10 @@ tcp_lro_low_level_parser(void *ptr, struct lro_parser *parser, bool update_data, parser->ip6 = ptr; if (__predict_false(mlen < sizeof(struct ip6_hdr))) return (NULL); + /* Ensure the packet has valid src/dst addrs */ + if (__predict_false(IN6_IS_ADDR_UNSPECIFIED(&parser->ip6->ip6_src) || + IN6_IS_ADDR_UNSPECIFIED(&parser->ip6->ip6_dst))) + return (NULL); ptr = (uint8_t *)ptr + sizeof(*parser->ip6); if (update_data) { parser->data.s_addr.v6 = parser->ip6->ip6_src;