diff options
| author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-01-09 14:55:22 +0000 |
|---|---|---|
| committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2021-01-09 14:55:22 +0000 |
| commit | 6a01ba42f060ba2bde4ace5407eb15834c378cc2 (patch) | |
| tree | d59a1432c209ac108065cbd8a94fe99b3b8523b6 /usr.sbin/ypserv/ypxfr/ypxfr_2perday.sh | |
| parent | b9a7f05beaaf47044bb62741a89d6362b8471062 (diff) | |
Syzkaller has found a stack overflow in socket splicing. Broadcast
packets were resent through simplex broadcast delivery and socket
splicing. Although there is an M_LOOP check in somove(9), it did
not take effect. if_input_local() cleared the M_BCAST and M_MCAST
flags with m_resethdr().
As if_input_local() is used for broadcast and multicast delivery,
it was a mistake to delete them. Keep the M_BCAST and M_MCAST mbuf
flags when packets are reinjected into the network stack.
Reported-by: syzbot+a43ace363f1b663238f8@syzkaller.appspotmail.com
OK anton@; discussed with claudio@
Diffstat (limited to 'usr.sbin/ypserv/ypxfr/ypxfr_2perday.sh')
0 files changed, 0 insertions, 0 deletions