From: Kornel Dulęba
Date: Wed, 27 Jul 2022 14:14:39 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 82042465c3b5 - main - icmp6: Improve validation of PMTU
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by kd:

URL: https://cgit.FreeBSD.org/src/commit/?id=82042465c3b5477fc4f44be36077eab11b6b511b

commit 82042465c3b5477fc4f44be36077eab11b6b511b
Author:     Kornel Dulęba
AuthorDate: 2022-07-20 07:22:34 +0000
Commit:     Kornel Dulęba
CommitDate: 2022-07-27 14:09:56 +0000

    icmp6: Improve validation of PMTU

    Currently we accept any pmtu between IPV6_MMTU(1280B) and the link mtu.
    In some network topologies this could allow a bad actor to perform a DOS
    attack. Contrary to IPv4, in IPv6 oversized packets are dropped, and an
    ICMP PACKET_TOO_BIG message is sent back to the sender.
    After receiving an ICMPv6 packet with pmtu bigger than the
    current one the victim will start sending frames that will be dropped
    by a router with reduced MTU.
    Although it will eventually receive another message with correct pmtu,
    an attacker can still just inject their spoofed packets frequently
    enough to overwrite the correct value.
    This issue is described in detail in RFC8201, section 6.
    Fix this by checking the current pmtu, and accepting the new one only
    if it's smaller.

    Approved by:    mw(mentor)
    Reviewed by:    tuexen
    MFC after:      1 week
    Sponsored by:   Stormshield
    Obtained from:  Semihalf
    Differential Revision: https://reviews.freebsd.org/D35871

--- sys/netinet6/icmp6.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 3632f9396be0..832061ad9328 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -1111,6 +1111,7 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) struct mbuf *m = ip6cp->ip6c_m; /* will be necessary for scope issue */ u_int mtu = ntohl(icmp6->icmp6_mtu); struct in_conninfo inc; + uint32_t max_mtu; #if 0 /* @@ -1151,7 +1152,11 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) if (in6_setscope(&inc.inc6_faddr, m->m_pkthdr.rcvif, NULL)) return; - if (mtu < tcp_maxmtu6(&inc, NULL)) { + max_mtu = tcp_hc_getmtu(&inc); + if (max_mtu == 0) + max_mtu = tcp_maxmtu6(&inc, NULL); + + if (mtu < max_mtu) { tcp_hc_updatemtu(&inc, mtu); ICMP6STAT_INC(icp6s_pmtuchg); }
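
Review bot: `uint32_t max_mtu;` in the first hunk sits directly under `u_int mtu`, and the two are compared as `mtu < max_mtu` in the second hunk, so the function now spells the same kind of quantity two ways. Declaring `max_mtu` as `u_int` to match, or switching `mtu` to `uint32_t` in the same change, would keep the declarations consistent.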
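
Review bot: the `if (max_mtu == 0)` fallback in the second hunk has no comment, so a reader has to infer that a zero from `tcp_hc_getmtu(&inc)` is treated as "no PMTU stored for this destination" and that `tcp_maxmtu6(&inc, NULL)` then serves as the ceiling. A short comment above `max_mtu = tcp_hc_getmtu(&inc);` stating that the advertised MTU is accepted only when it is below the currently known PMTU, with the pointer to RFC 8201 section 6 that the commit message already gives, would keep the rationale next to the code. It is also worth considering a statistic for the rejected case: `ICMP6STAT_INC(icp6s_pmtuchg)` fires only on acceptance, so a stream of Packet Too Big messages advertising a larger MTU leaves nothing an operator could alert on.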