diff options
| author | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-01-06 20:24:34 +0000 |
|---|---|---|
| committer | Daniel Hartmeier <dhartmei@cvs.openbsd.org> | 2004-01-06 20:24:34 +0000 |
| commit | d219c9759f99a1cb0bac41fd7beb1479156d0077 (patch) | |
| tree | db36d1491e3ba3f12cc2dd4afe187dded39bd219 /sys | |
| parent | 7aa7fa616603dc138ea815d3254c0653df330317 (diff) | |
Drop UDP packets with destination port 0, or zero or oversized payload
length (same as udp_input() does, if pf is not enabled). Found by
Pyun YongHyeon. ok cedric@, ho@, henning@ and markus@.
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 738aa05f777..9024da00980 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.417 2004/01/05 18:41:47 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.418 2004/01/06 20:24:33 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5361,6 +5361,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) action = PF_DROP; goto done; } + if (uh.uh_dport == 0 || + ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || + ntohs(uh.uh_ulen) < sizeof(struct udphdr)) { + action = PF_DROP; + goto done; + } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC @@ -5678,6 +5684,12 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0) action = PF_DROP; goto done; } + if (uh.uh_dport == 0 || + ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || + ntohs(uh.uh_ulen) < sizeof(struct udphdr)) { + action = PF_DROP; + goto done; + } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC |