git: 7f3b00a87aff - main - netinet: filter out invalid ICMP responses in ip_icmp()
Date: Tue, 04 Oct 2022 03:57:34 UTC
The branch main has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=7f3b00a87aff787e93c3896279105510440627f8
commit 7f3b00a87aff787e93c3896279105510440627f8
Author: Gleb Smirnoff <glebius@FreeBSD.org>
AuthorDate: 2022-10-04 03:53:04 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2022-10-04 03:53:04 +0000
netinet: filter out invalid ICMP responses in ip_icmp()
instead of doing that in every ipproto_ctlinput_t method.
Reviewed by: melifaro
Differential revision: https://reviews.freebsd.org/D36728
---
sys/netinet/ip_icmp.c | 3 +++
sys/netinet/sctp_usrreq.c | 3 ---
sys/netinet/tcp_subr.c | 3 ---
sys/netinet/udp_usrreq.c | 3 ---
4 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 709f920106cc..f0cc703c2757 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -546,6 +546,9 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 /* Discard ICMP's in response to multicast packets */
 if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr)))
 goto badcode;
+ /* Filter out responses to INADDR_ANY, protocols ignore it. */
+ if (icp->icmp_ip.ip_dst.s_addr == INADDR_ANY)
+ goto freeit;
 #ifdef ICMPPRINTFS
 if (icmpprintfs)
 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p);
diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index e5ddac897d47..fdb195d79656 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -272,9 +272,6 @@ sctp_ctlinput(int cmd, struct sockaddr_in *sin, struct ip *ip)
 struct sctp_init_chunk *ch;
 struct sockaddr_in src, dst;
 
- if (sin->sin_addr.s_addr == INADDR_ANY) {
- return;
- }
 if (PRC_IS_REDIRECT(cmd)) {
 ip = NULL;
 } else if ((unsigned)cmd >= PRC_NCMDS || inetctlerrmap[cmd] == 0) {
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index 0b02f9b66651..e88b3b92b193 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
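Review bot: The new INADDR_ANY check in icmp_input() (sys/netinet/ip_icmp.c) exits through `freeit`, while the multicast check directly above it exits through `badcode`, so two kinds of bogus quoted destination now take different paths. Neither label is inside the hunk, so it is worth confirming what each does: the removed per-protocol checks only returned from the ctlinput handler, after which icmp_input() presumably carried on, whereas `freeit` may drop the packet before any statistic is bumped or a raw ICMP listener sees it. Since ICMP errors quoting a 0.0.0.0 destination are not something a sane peer generates, a counter helps operators notice spoofed or malformed error traffic. If the silent drop is intended, say so in the comment, e.g. `/* Quoted dst 0.0.0.0 matches no PCB: drop here, uncounted, instead of in every ctlinput method. */`.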
@@ -2866,9 +2866,6 @@ tcp_ctlinput_with_port(int cmd, struct sockaddr_in *sin, struct ip *ip,
 tcp_seq icmp_tcp_seq;
 int mtu;
 
- if (sin->sin_addr.s_addr == INADDR_ANY)
- return;
-
 if (cmd == PRC_MSGSIZE)
 notify = tcp_mtudisc_notify;
 else if (V_icmp_may_rst && (cmd == PRC_UNREACH_ADMIN_PROHIB ||
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 68de037ada1a..372341a0351c 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -746,9 +746,6 @@ udp_common_ctlinput(int cmd, struct sockaddr_in *sin, struct ip *ip,
 struct udphdr *uh;
 struct inpcb *inp;
 
- if (sin->sin_addr.s_addr == INADDR_ANY)
- return;
-
 if (PRC_IS_REDIRECT(cmd)) {
 /* signal EHOSTDOWN, as it flushes the cached route */
 in_pcbnotifyall(pcbinfo, sin->sin_addr, EHOSTDOWN, udp_notify);