diff options
| author | Reyk Floeter <reyk@cvs.openbsd.org> | 2017-08-10 18:38:34 +0000 |
|---|---|---|
| committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2017-08-10 18:38:34 +0000 |
| commit | 487db998ce607583793753065cd93b0f8f6d6a6c (patch) | |
| tree | 69385bc987f59beead1a7ec3ad4c6b55920cd69d /sys/net/if_vxlan.c | |
| parent | f0477a05af9bcd65559bababe6e1929c68184bf2 (diff) | |
A missing break in vxlan_sockaddr_cmp() could eventually trick an
vxlan interface into accepting packets for the wrong destination (if
the sockaddr_in6 checks somehow match on sockaddr_in addresses).
Coverity CID 1452902; Severity: Moderate
OK mikeb@
Diffstat (limited to 'sys/net/if_vxlan.c')
| -rw-r--r-- | sys/net/if_vxlan.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/net/if_vxlan.c b/sys/net/if_vxlan.c index ec28e4a9754..18a1dfb47bd 100644 --- a/sys/net/if_vxlan.c +++ b/sys/net/if_vxlan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vxlan.c,v 1.60 2017/05/04 15:00:24 bluhm Exp $ */ +/* $OpenBSD: if_vxlan.c,v 1.61 2017/08/10 18:38:33 reyk Exp $ */ /* * Copyright (c) 2013 Reyk Floeter <reyk@openbsd.org> @@ -538,6 +538,7 @@ vxlan_sockaddr_cmp(struct sockaddr *srcsa, struct sockaddr *dstsa) dst4 = satosin(dstsa); if (src4->sin_addr.s_addr == dst4->sin_addr.s_addr) return (0); + break; #ifdef INET6 case AF_INET6: src6 = satosin6(srcsa); @@ -545,6 +546,7 @@ vxlan_sockaddr_cmp(struct sockaddr *srcsa, struct sockaddr *dstsa) if (IN6_ARE_ADDR_EQUAL(&src6->sin6_addr, &dst6->sin6_addr) && src6->sin6_scope_id == dst6->sin6_scope_id) return (0); + break; #endif /* INET6 */ } |