diff options
-rw-r--r-- | sys/kern/uipc_usrreq.c | 66 | ||||
-rw-r--r-- | sys/netinet/in.c | 20 | ||||
-rw-r--r-- | sys/netinet/in.h | 3 | ||||
-rw-r--r-- | sys/netinet/in_pcb.c | 25 | ||||
-rw-r--r-- | sys/netinet/raw_ip.c | 29 | ||||
-rw-r--r-- | sys/netinet/udp_usrreq.c | 14 | ||||
-rw-r--r-- | sys/netinet6/in6.c | 20 | ||||
-rw-r--r-- | sys/netinet6/in6.h | 3 | ||||
-rw-r--r-- | sys/netinet6/in6_pcb.c | 14 | ||||
-rw-r--r-- | sys/netinet6/raw_ip6.c | 24 | ||||
-rw-r--r-- | sys/netinet6/udp6_output.c | 13 |
11 files changed, 117 insertions, 114 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index d2df74e3236..07e032ca0a3 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.118 2017/06/26 09:32:31 mpi Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.119 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -70,7 +70,7 @@ struct unp_deferral { void unp_discard(struct fdpass *, int); void unp_mark(struct fdpass *, int); void unp_scan(struct mbuf *, void (*)(struct fdpass *, int)); - +int unp_nam2sun(struct mbuf *, struct sockaddr_un **, size_t *); /* list of sets of files that were sent over sockets that are now closed */ SLIST_HEAD(,unp_deferral) unp_deferred = SLIST_HEAD_INITIALIZER(unp_deferred); @@ -405,7 +405,7 @@ unp_detach(struct unpcb *unp) int unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p) { - struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); + struct sockaddr_un *soun; struct mbuf *nam2; struct vnode *vp; struct vattr vattr; @@ -415,17 +415,8 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p) if (unp->unp_vnode != NULL) return (EINVAL); - - if (soun->sun_len > sizeof(struct sockaddr_un) || - soun->sun_len < offsetof(struct sockaddr_un, sun_path)) - return (EINVAL); - if (soun->sun_family != AF_UNIX) - return (EAFNOSUPPORT); - - pathlen = strnlen(soun->sun_path, soun->sun_len - - offsetof(struct sockaddr_un, sun_path)); - if (pathlen == sizeof(soun->sun_path)) - return (EINVAL); + if ((error = unp_nam2sun(nam, &soun, &pathlen))) + return (error); nam2 = m_getclr(M_WAITOK, MT_SONAME); nam2->m_len = sizeof(struct sockaddr_un); @@ -480,22 +471,15 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p) int unp_connect(struct socket *so, struct mbuf *nam, struct proc *p) { - struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *); + struct sockaddr_un *soun; struct vnode *vp; struct socket *so2, *so3; struct unpcb *unp, *unp2, *unp3; struct nameidata nd; int error; - if (soun->sun_family != AF_UNIX) - return (EAFNOSUPPORT); - - if (nam->m_len < sizeof(struct sockaddr_un)) - *(mtod(nam, caddr_t) + nam->m_len) = 0; - else if (nam->m_len > sizeof(struct sockaddr_un)) - return (EINVAL); - else if (memchr(soun->sun_path, '\0', sizeof(soun->sun_path)) == NULL) - return (EINVAL); + if ((error = unp_nam2sun(nam, &soun, NULL))) + return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p); nd.ni_pledge = PLEDGE_UNIX; @@ -1076,3 +1060,37 @@ unp_discard(struct fdpass *rp, int nfds) task_add(systq, &unp_gc_task); } + +int +unp_nam2sun(struct mbuf *nam, struct sockaddr_un **sun, size_t *pathlen) +{ + struct sockaddr *sa = mtod(nam, struct sockaddr *); + size_t size, len; + + if (nam->m_len < offsetof(struct sockaddr, sa_data)) + return EINVAL; + if (sa->sa_family != AF_UNIX) + return EAFNOSUPPORT; + if (sa->sa_len != nam->m_len) + return EINVAL; + if (sa->sa_len > sizeof(struct sockaddr_un)) + return EINVAL; + *sun = (struct sockaddr_un *)sa; + + /* ensure that sun_path is NUL terminated and fits */ + size = (*sun)->sun_len - offsetof(struct sockaddr_un, sun_path); + len = strnlen((*sun)->sun_path, size); + if (len == sizeof((*sun)->sun_path)) + return EINVAL; + if (len == size) { + if (M_TRAILINGSPACE(nam) == 0) + return EINVAL; + nam->m_len++; + (*sun)->sun_len++; + (*sun)->sun_path[len] = '\0'; + } + if (pathlen != NULL) + *pathlen = len; + + return 0; +} diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 4aa12f06985..71e58d18943 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in.c,v 1.139 2017/05/29 14:36:22 mpi Exp $ */ +/* $OpenBSD: in.c,v 1.140 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */ /* @@ -164,6 +164,24 @@ in_len2mask(struct in_addr *mask, int len) p[i] = (0xff00 >> (len % 8)) & 0xff; } +int +in_nam2sin(const struct mbuf *nam, struct sockaddr_in **sin) +{ + struct sockaddr *sa = mtod(nam, struct sockaddr *); + + if (nam->m_len < offsetof(struct sockaddr, sa_data)) + return EINVAL; + if (sa->sa_family != AF_INET) + return EAFNOSUPPORT; + if (sa->sa_len != nam->m_len) + return EINVAL; + if (sa->sa_len != sizeof(struct sockaddr_in)) + return EINVAL; + *sin = satosin(sa); + + return 0; +} + /* * Generic internet control operations (ioctl's). */ diff --git a/sys/netinet/in.h b/sys/netinet/in.h index 8d59a6a3e8c..68a3826459d 100644 --- a/sys/netinet/in.h +++ b/sys/netinet/in.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in.h,v 1.123 2017/05/30 07:50:37 mpi Exp $ */ +/* $OpenBSD: in.h,v 1.124 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */ /* @@ -818,6 +818,7 @@ void in_proto_cksum_out(struct mbuf *, struct ifnet *); void in_ifdetach(struct ifnet *); int in_mask2len(struct in_addr *); void in_len2mask(struct in_addr *, int); +int in_nam2sin(const struct mbuf *, struct sockaddr_in **); char *inet_ntoa(struct in_addr); int inet_nat64(int, const void *, void *, const void *, u_int8_t); diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 481a374be81..6027e880629 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.223 2017/08/04 18:16:42 bluhm Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.224 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -327,12 +327,9 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) if (nam) { struct sockaddr_in6 *sin6; - sin6 = mtod(nam, struct sockaddr_in6 *); - if (nam->m_len != sizeof(struct sockaddr_in6)) - return (EINVAL); - if (sin6->sin6_family != AF_INET6) - return (EAFNOSUPPORT); + if ((error = in6_nam2sin6(nam, &sin6))) + return (error); if ((error = in6_pcbaddrisavail(inp, sin6, wild, p))) return (error); laddr = &sin6->sin6_addr; @@ -346,12 +343,9 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p) if (nam) { struct sockaddr_in *sin; - sin = mtod(nam, struct sockaddr_in *); - if (nam->m_len != sizeof(*sin)) - return (EINVAL); - if (sin->sin_family != AF_INET) - return (EAFNOSUPPORT); + if ((error = in_nam2sin(nam, &sin))) + return (error); if ((error = in_pcbaddrisavail(inp, sin, wild, p))) return (error); laddr = &sin->sin_addr; @@ -511,7 +505,7 @@ int in_pcbconnect(struct inpcb *inp, struct mbuf *nam) { struct in_addr *ina = NULL; - struct sockaddr_in *sin = mtod(nam, struct sockaddr_in *); + struct sockaddr_in *sin; int error; #ifdef INET6 @@ -521,13 +515,10 @@ in_pcbconnect(struct inpcb *inp, struct mbuf *nam) panic("IPv6 pcb passed into in_pcbconnect"); #endif /* INET6 */ - if (nam->m_len != sizeof(*sin)) - return (EINVAL); - if (sin->sin_family != AF_INET) - return (EAFNOSUPPORT); + if ((error = in_nam2sin(nam, &sin))) + return (error); if (sin->sin_port == 0) return (EADDRNOTAVAIL); - error = in_pcbselsrc(&ina, sin, inp); if (error) return (error); diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 8a14690911d..ebd835a929e 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip.c,v 1.100 2017/06/26 09:32:32 mpi Exp $ */ +/* $OpenBSD: raw_ip.c,v 1.101 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */ /* @@ -434,16 +434,10 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, case PRU_BIND: { - struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); + struct sockaddr_in *addr; - if (nam->m_len != sizeof(*addr)) { - error = EINVAL; - break; - } - if (addr->sin_family != AF_INET) { - error = EADDRNOTAVAIL; + if ((error = in_nam2sin(nam, &addr))) break; - } if (!((so->so_options & SO_BINDANY) || addr->sin_addr.s_addr == INADDR_ANY || addr->sin_addr.s_addr == INADDR_BROADCAST || @@ -457,16 +451,10 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, } case PRU_CONNECT: { - struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *); + struct sockaddr_in *addr; - if (nam->m_len != sizeof(*addr)) { - error = EINVAL; + if ((error = in_nam2sin(nam, &addr))) break; - } - if (addr->sin_family != AF_INET) { - error = EAFNOSUPPORT; - break; - } inp->inp_faddr = addr->sin_addr; soisconnected(so); break; @@ -501,12 +489,15 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, } dst.sin_addr = inp->inp_faddr; } else { + struct sockaddr_in *addr; + if (nam == NULL) { error = ENOTCONN; break; } - dst.sin_addr = - mtod(nam, struct sockaddr_in *)->sin_addr; + if ((error = in_nam2sin(nam, &addr))) + break; + dst.sin_addr = addr->sin_addr; } #ifdef IPSEC /* XXX Find an IPsec TDB */ diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 9700554b3ab..486b8d176e0 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp_usrreq.c,v 1.238 2017/06/26 09:32:32 mpi Exp $ */ +/* $OpenBSD: udp_usrreq.c,v 1.239 2017/08/11 19:53:02 bluhm Exp $ */ /* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */ /* @@ -960,26 +960,16 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr, } if (addr) { - sin = mtod(addr, struct sockaddr_in *); - - if (addr->m_len != sizeof(*sin)) { - error = EINVAL; - goto release; - } - if (sin->sin_family != AF_INET) { - error = EAFNOSUPPORT; + if ((error = in_nam2sin(addr, &sin))) goto release; - } if (sin->sin_port == 0) { error = EADDRNOTAVAIL; goto release; } - if (inp->inp_faddr.s_addr != INADDR_ANY) { error = EISCONN; goto release; } - error = in_pcbselsrc(&laddr, sin, inp); if (error) goto release; diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index ce28f466a5c..b83e6df6c66 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.c,v 1.209 2017/08/08 18:15:58 florian Exp $ */ +/* $OpenBSD: in6.c,v 1.210 2017/08/11 19:53:02 bluhm Exp $ */ /* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */ /* @@ -164,6 +164,24 @@ in6_mask2len(struct in6_addr *mask, u_char *lim0) } int +in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6) +{ + struct sockaddr *sa = mtod(nam, struct sockaddr *); + + if (nam->m_len < offsetof(struct sockaddr, sa_data)) + return EINVAL; + if (sa->sa_family != AF_INET6) + return EAFNOSUPPORT; + if (sa->sa_len != nam->m_len) + return EINVAL; + if (sa->sa_len != sizeof(struct sockaddr_in6)) + return EINVAL; + *sin6 = satosin6(sa); + + return 0; +} + +int in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp) { int privileged; diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h index ac0120e4217..0caae1f586a 100644 --- a/sys/netinet6/in6.h +++ b/sys/netinet6/in6.h @@ -1,4 +1,4 @@ -/* $OpenBSD: in6.h,v 1.97 2017/07/13 17:17:27 florian Exp $ */ +/* $OpenBSD: in6.h,v 1.98 2017/08/11 19:53:02 bluhm Exp $ */ /* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */ /* @@ -420,6 +420,7 @@ int in6_addrscope(struct in6_addr *); struct in6_ifaddr *in6_ifawithscope(struct ifnet *, struct in6_addr *, u_int); void in6_get_rand_ifid(struct ifnet *, struct in6_addr *); int in6_mask2len(struct in6_addr *, u_char *); +int in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **); struct inpcb; diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index ae7eb146bfe..194eabf1b1b 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_pcb.c,v 1.99 2017/08/04 18:16:42 bluhm Exp $ */ +/* $OpenBSD: in6_pcb.c,v 1.100 2017/08/11 19:53:02 bluhm Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -244,16 +244,12 @@ int in6_pcbconnect(struct inpcb *inp, struct mbuf *nam) { struct in6_addr *in6a = NULL; - struct sockaddr_in6 *sin6 = mtod(nam, struct sockaddr_in6 *); - int error = 0; + struct sockaddr_in6 *sin6; + int error; struct sockaddr_in6 tmp; - (void)&in6a; /* XXX fool gcc */ - - if (nam->m_len != sizeof(*sin6)) - return (EINVAL); - if (sin6->sin6_family != AF_INET6) - return (EAFNOSUPPORT); + if ((error = in6_nam2sin6(nam, &sin6))) + return (error); if (sin6->sin6_port == 0) return (EADDRNOTAVAIL); /* reject IPv4 mapped address, we have no support for it */ diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 9f989ef006b..f1c44f77a49 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: raw_ip6.c,v 1.115 2017/06/26 09:32:32 mpi Exp $ */ +/* $OpenBSD: raw_ip6.c,v 1.116 2017/08/11 19:53:02 bluhm Exp $ */ /* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */ /* @@ -609,17 +609,10 @@ rip6_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, case PRU_BIND: { - struct sockaddr_in6 *addr = mtod(nam, struct sockaddr_in6 *); + struct sockaddr_in6 *addr; - if (nam->m_len != sizeof(*addr)) { - error = EINVAL; - break; - } - if (addr->sin6_family != AF_INET6) { - error = EADDRNOTAVAIL; + if ((error = in6_nam2sin6(nam, &addr))) break; - } - /* * Make sure to not enter in_pcblookup_local(), local ports * are non-sensical for raw sockets. @@ -635,18 +628,11 @@ rip6_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam, case PRU_CONNECT: { - struct sockaddr_in6 *addr = mtod(nam, struct sockaddr_in6 *); + struct sockaddr_in6 *addr; struct in6_addr *in6a = NULL; - if (nam->m_len != sizeof(*addr)) { - error = EINVAL; - break; - } - if (addr->sin6_family != AF_INET6) { - error = EAFNOSUPPORT; + if ((error = in6_nam2sin6(nam, &addr))) break; - } - /* Source address selection. XXX: need pcblookup? */ error = in6_pcbselsrc(&in6a, addr, in6p, in6p->inp_outputopts6); if (error) diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c index 34f8a1c0318..ecece8ae82d 100644 --- a/sys/netinet6/udp6_output.c +++ b/sys/netinet6/udp6_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: udp6_output.c,v 1.54 2017/05/13 17:44:38 bluhm Exp $ */ +/* $OpenBSD: udp6_output.c,v 1.55 2017/08/11 19:53:02 bluhm Exp $ */ /* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */ /* @@ -117,16 +117,10 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6, optp = in6p->inp_outputopts6; if (addr6) { - struct sockaddr_in6 *sin6 = mtod(addr6, struct sockaddr_in6 *); + struct sockaddr_in6 *sin6; - if (addr6->m_len != sizeof(*sin6)) { - error = EINVAL; - goto release; - } - if (sin6->sin6_family != AF_INET6) { - error = EAFNOSUPPORT; + if ((error = in6_nam2sin6(addr6, &sin6))) goto release; - } if (sin6->sin6_port == 0) { error = EADDRNOTAVAIL; goto release; @@ -135,7 +129,6 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6, error = EADDRNOTAVAIL; goto release; } - if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->inp_faddr6)) { error = EISCONN; goto release; |