diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-08-11 19:53:03 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2017-08-11 19:53:03 +0000 |
| commit | 80ea0fdcccada4edc03c233308577d3cdffa73fe (patch) | |
| tree | 3e0a37b5d04229eb6343d2c414a648a0eb02d1bc /sys/netinet6/in6.c | |
| parent | 9352f67a254d317d6f2624bfc0f8f5d688d1f490 (diff) | |
Validate sockaddr from userland in central functions. This results
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
Diffstat (limited to 'sys/netinet6/in6.c')
| -rw-r--r-- | sys/netinet6/in6.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index ce28f466a5c..b83e6df6c66 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.c,v 1.209 2017/08/08 18:15:58 florian Exp $ */ +/* $OpenBSD: in6.c,v 1.210 2017/08/11 19:53:02 bluhm Exp $ */ /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ /* @@ -164,6 +164,24 @@ in6_mask2len(struct in6_addr *mask, u_char *lim0) } int +in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) +{ + struct sockaddr *sa = mtod(nam, struct sockaddr *); + + if (nam->m_len < offsetof(struct sockaddr, sa_data)) + return EINVAL; + if (sa->sa_family != AF_INET6) + return EAFNOSUPPORT; + if (sa->sa_len != nam->m_len) + return EINVAL; + if (sa->sa_len != sizeof(struct sockaddr_in6)) + return EINVAL; + *sin6 = satosin6(sa); + + return 0; +} + +int in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) { int privileged; |