author | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-12-28 23:54:59 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 1998-12-28 23:54:59 +0000 |
commit | 5e3ac19aefa8383bc8bc22d88fdf7989eab7f03e (patch) | |
tree | 6c1fb54ac47035e03365aab197a8262e4d51d72e /sys/netinet | |
parent | 2f0405042d1caaeaca610357e181c72a738dd0b7 (diff) |
ensure the ip packet embedded inside an icmp packet has correct ip_len,
ip_off, ip_id. for udp, also correct uh_sum. ip_sum is still set to 0;
(all this debugged using nmap)
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/ip_input.c | 13 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 7 |
2 files changed, 17 insertions, 3 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 9b1f9cd4a02..8c893c4ee2c 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.33 1998/12/26 12:35:11 provos Exp $ */
+/* $OpenBSD: ip_input.c,v 1.34 1998/12/28 23:54:57 deraadt Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
 /*
@@ -911,6 +911,9 @@ ip_dooptions(m)
 return (0);
 bad:
 ip->ip_len -= ip->ip_hl << 2; /* XXX icmp_error adds in hdr length */
+ HTONS(ip->ip_len); /* XXX because ip_input changed these three */
+ HTONS(ip->ip_id);
+ HTONS(ip->ip_off);
 icmp_error(m, type, code, 0, 0);
 ipstat.ips_badoptions++;
 return (1);
@@ -1154,6 +1157,8 @@ ip_forward(m, srcrt)
 }
 HTONS(ip->ip_id);
 if (ip->ip_ttl <= IPTTLDEC) {
+ HTONS(ip->ip_off);
+ HTONS(ip->ip_len);
 icmp_error(m, ICMP_TIMXCEED, ICMP_TIMXCEED_INTRANS, dest, 0);
 return;
 }
@@ -1172,6 +1177,8 @@ ip_forward(m, srcrt)
 rtalloc(&ipforward_rt);
 if (ipforward_rt.ro_rt == 0) {
+ HTONS(ip->ip_off);
+ HTONS(ip->ip_len);
 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_HOST, dest, 0);
 return;
 }
@@ -1263,6 +1270,10 @@ ip_forward(m, srcrt)
 code = 0;
 break;
 }
+
+ ip = mtod(mcopy, struct ip *);
+ HTONS(ip->ip_off);
+ HTONS(ip->ip_len);
 icmp_error(mcopy, type, code, dest, destifp);
 }
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index b3bf8845dd5..1fe83330053 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.15 1998/05/18 21:11:12 provos Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.16 1998/12/28 23:54:58 deraadt Exp $ */
 /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
 /*
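Review bot: At the `bad:` label in ip_dooptions, `ip_len` is now byte-swapped immediately after the header length was subtracted from it, yet the comment on the unchanged line above still says icmp_error adds the header length back in. icmp_error is not part of this diff, so it should be confirmed that it no longer does host-order arithmetic on `ip_len` (sizing the quoted payload, re-adding `ip_hl << 2`), because on a little-endian machine that would now operate on a swapped value and could mis-size the data copied into the ICMP reply. Once that is verified, the old comment should state the expected byte order, along the lines of `/* XXX icmp_error adds in hdr length and expects network byte order */`. The same question applies to the `ip_len` swaps added in ip_forward and udp_input.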
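Review bot: The pair `HTONS(ip->ip_off); HTONS(ip->ip_len);` is pasted in front of all three icmp_error calls in ip_forward (this hunk and the two that follow), and as a triple with `ip_id` in ip_dooptions and udp_input, so the next error path added to any of these functions can easily miss it. A small static helper that puts the header to be quoted back into network order, called immediately before icmp_error, would keep the sites consistent. The third site swaps only two fields on `mcopy` and relies on `ip_id` already being in network order in the copy; that depends on where the copy is made relative to the earlier `HTONS(ip->ip_id)`, which is outside these hunks, so a comment such as `/* ip_id was swapped before mcopy was taken */` would record the assumption if it holds. ip_forward's body starts and continues outside all three hunks.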
@@ -172,7 +172,7 @@ udp_input(m, va_alist)
 bzero(((struct ipovly *)ip)->ih_x1, sizeof ((struct ipovly *)ip)->ih_x1);
 ((struct ipovly *)ip)->ih_len = uh->uh_ulen;
- if ((uh->uh_sum = in_cksum(m, len + sizeof (struct ip))) != 0) {
+ if (in_cksum(m, len + sizeof (struct ip)) != 0) {
 udpstat.udps_badsum++;
 m_freem(m);
 return;
@@ -288,6 +288,9 @@ udp_input(m, va_alist)
 goto bad;
 }
 *ip = save_ip;
+ HTONS(ip->ip_len);
+ HTONS(ip->ip_id);
+ HTONS(ip->ip_off);
 icmp_error(m, ICMP_UNREACH, ICMP_UNREACH_PORT, 0, 0);
 return;
 } |
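Review bot: Nothing at the checksum test records why the result of in_cksum is no longer stored in `uh->uh_sum`, and the old form looks like a harmless idiom that a later cleanup could restore. A one-line comment above the `if`, for example `/* do not overwrite uh_sum: the datagram may be quoted in an ICMP error */`, would protect the change. The unchanged lines just above still zero `ih_x1` and overwrite `ih_len` through the `struct ipovly` cast, so the IP header is only intact again where `save_ip` is copied back, as the next hunk shows. udp_input's body extends beyond the hunk.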
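Review bot: The header quoted in the port-unreachable reply still carries a zero `ip_sum`, as the commit message states, and nothing next to the three new HTONS calls says so. A receiver or monitoring tool that validates the quoted header will see a bad checksum, and the reply stays distinguishable from those of stacks that quote the header unmodified. An `/* XXX ip_sum of the quoted header is still 0 */` comment here would keep the known gap visible in the code; where `ip_sum` is cleared is not shown in this diff.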