Checking for IPv4 mapped addreses and dropping the packet is done

in ip6_input().  Do not check that again in the protocol input
functions.
OK mpi@

2 files changed, 2 insertions, 15 deletions

diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 38b2f7c6748..b549bbbc3aa 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.343 2017/05/04 17:58:46 bluhm Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.344 2017/05/06 16:35:59 bluhm Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/
 
 /*
@@ -424,13 +424,6 @@ tcp_input(struct mbuf **mp, int *offp, int proto, int af)
 		iptos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
 #endif
 
-		/* Be proactive about malicious use of IPv4 mapped address */
-		if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-		    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-			/* XXX stat */
-			goto drop;
-		}
-
 		/*
 		 * Be proactive about unspecified IPv6 address in source.
 		 * As we use all-zero to indicate unbounded/unconnected pcb,
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index e486dcbaec2..6369d41cf0e 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: udp_usrreq.c,v 1.236 2017/05/04 17:58:46 bluhm Exp $	*/
+/*	$OpenBSD: udp_usrreq.c,v 1.237 2017/05/06 16:35:59 bluhm Exp $	*/
 /*	$NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $	*/
 
 /*
@@ -225,12 +225,6 @@ udp_input(struct mbuf **mp, int *offp, int proto, int af)
 			goto bad;
 		}
 		ip6 = mtod(m, struct ip6_hdr *);
-		/* Be proactive about malicious use of IPv4 mapped address */
-		if (IN6_IS_ADDR_V4MAPPED(&ip6->ip6_src) ||
-		    IN6_IS_ADDR_V4MAPPED(&ip6->ip6_dst)) {
-			/* XXX stat */
-			goto bad;
-		}
 		break;
 #endif /* INET6 */
 	default: