diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2008-07-10 07:41:22 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2008-07-10 07:41:22 +0000 |
commit | dc1ecf146e4c99810663f29de8843975947a7a64 (patch) | |
tree | 69361157d2890a1098c1871b82cca6ab10363848 /sys/net/pf.c | |
parent | 4ab0904d9a4d46030b5d651081155db15eddc27f (diff) |
check pf NAT source port allocation against net.inet.(tcp|udp).baddynamic
lists; prevents use of ports corresponding to well-known services.
replace a couple of arc4random()%N with arc4random_uniform(N) that
missed the first round.
ok mcbride@
Diffstat (limited to 'sys/net/pf.c')
-rw-r--r-- | sys/net/pf.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 985ca3640a0..e21bf9f9f16 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.608 2008/07/10 05:44:54 david Exp $ */ +/* $OpenBSD: pf.c,v 1.609 2008/07/10 07:41:21 djm Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -2429,12 +2429,12 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, high = tmp; } /* low < high */ - cut = htonl(arc4random()) % (1 + high - low) + low; + cut = arc4random_uniform(1 + high - low) + low; /* low <= cut <= high */ for (tmp = cut; tmp <= high; ++(tmp)) { key.port[0] = htons(tmp); if (pf_find_state_all(&key, PF_IN, NULL) == - NULL) { + NULL && !in_baddynamic(tmp, proto)) { *nport = htons(tmp); return (0); } @@ -2442,7 +2442,7 @@ pf_get_sport(sa_family_t af, u_int8_t proto, struct pf_rule *r, for (tmp = cut - 1; tmp >= low; --(tmp)) { key.port[0] = htons(tmp); if (pf_find_state_all(&key, PF_IN, NULL) == - NULL) { + NULL && !in_baddynamic(tmp, proto)) { *nport = htons(tmp); return (0); } @@ -3235,8 +3235,8 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, !pf_match_gid(r->gid.op, r->gid.gid[0], r->gid.gid[1], pd->lookup.gid)) r = TAILQ_NEXT(r, entries); - else if (r->prob && r->prob <= - (arc4random() % (UINT_MAX - 1) + 1)) + else if (r->prob && + r->prob <= arc4random_uniform(UINT_MAX - 1) + 1) r = TAILQ_NEXT(r, entries); else if (r->match_tag && !pf_match_tag(m, r, &tag)) r = TAILQ_NEXT(r, entries); |