summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys/kern/uipc_usrreq.c66
-rw-r--r--sys/netinet/in.c20
-rw-r--r--sys/netinet/in.h3
-rw-r--r--sys/netinet/in_pcb.c25
-rw-r--r--sys/netinet/raw_ip.c29
-rw-r--r--sys/netinet/udp_usrreq.c14
-rw-r--r--sys/netinet6/in6.c20
-rw-r--r--sys/netinet6/in6.h3
-rw-r--r--sys/netinet6/in6_pcb.c14
-rw-r--r--sys/netinet6/raw_ip6.c24
-rw-r--r--sys/netinet6/udp6_output.c13
11 files changed, 117 insertions, 114 deletions
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index d2df74e3236..07e032ca0a3 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uipc_usrreq.c,v 1.118 2017/06/26 09:32:31 mpi Exp $ */
+/* $OpenBSD: uipc_usrreq.c,v 1.119 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */
/*
@@ -70,7 +70,7 @@ struct unp_deferral {
void unp_discard(struct fdpass *, int);
void unp_mark(struct fdpass *, int);
void unp_scan(struct mbuf *, void (*)(struct fdpass *, int));
-
+int unp_nam2sun(struct mbuf *, struct sockaddr_un **, size_t *);
/* list of sets of files that were sent over sockets that are now closed */
SLIST_HEAD(,unp_deferral) unp_deferred = SLIST_HEAD_INITIALIZER(unp_deferred);
@@ -405,7 +405,7 @@ unp_detach(struct unpcb *unp)
int
unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p)
{
- struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *);
+ struct sockaddr_un *soun;
struct mbuf *nam2;
struct vnode *vp;
struct vattr vattr;
@@ -415,17 +415,8 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p)
if (unp->unp_vnode != NULL)
return (EINVAL);
-
- if (soun->sun_len > sizeof(struct sockaddr_un) ||
- soun->sun_len < offsetof(struct sockaddr_un, sun_path))
- return (EINVAL);
- if (soun->sun_family != AF_UNIX)
- return (EAFNOSUPPORT);
-
- pathlen = strnlen(soun->sun_path, soun->sun_len -
- offsetof(struct sockaddr_un, sun_path));
- if (pathlen == sizeof(soun->sun_path))
- return (EINVAL);
+ if ((error = unp_nam2sun(nam, &soun, &pathlen)))
+ return (error);
nam2 = m_getclr(M_WAITOK, MT_SONAME);
nam2->m_len = sizeof(struct sockaddr_un);
@@ -480,22 +471,15 @@ unp_bind(struct unpcb *unp, struct mbuf *nam, struct proc *p)
int
unp_connect(struct socket *so, struct mbuf *nam, struct proc *p)
{
- struct sockaddr_un *soun = mtod(nam, struct sockaddr_un *);
+ struct sockaddr_un *soun;
struct vnode *vp;
struct socket *so2, *so3;
struct unpcb *unp, *unp2, *unp3;
struct nameidata nd;
int error;
- if (soun->sun_family != AF_UNIX)
- return (EAFNOSUPPORT);
-
- if (nam->m_len < sizeof(struct sockaddr_un))
- *(mtod(nam, caddr_t) + nam->m_len) = 0;
- else if (nam->m_len > sizeof(struct sockaddr_un))
- return (EINVAL);
- else if (memchr(soun->sun_path, '\0', sizeof(soun->sun_path)) == NULL)
- return (EINVAL);
+ if ((error = unp_nam2sun(nam, &soun, NULL)))
+ return (error);
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, soun->sun_path, p);
nd.ni_pledge = PLEDGE_UNIX;
@@ -1076,3 +1060,37 @@ unp_discard(struct fdpass *rp, int nfds)
task_add(systq, &unp_gc_task);
}
+
+int
+unp_nam2sun(struct mbuf *nam, struct sockaddr_un **sun, size_t *pathlen)
+{
+ struct sockaddr *sa = mtod(nam, struct sockaddr *);
+ size_t size, len;
+
+ if (nam->m_len < offsetof(struct sockaddr, sa_data))
+ return EINVAL;
+ if (sa->sa_family != AF_UNIX)
+ return EAFNOSUPPORT;
+ if (sa->sa_len != nam->m_len)
+ return EINVAL;
+ if (sa->sa_len > sizeof(struct sockaddr_un))
+ return EINVAL;
+ *sun = (struct sockaddr_un *)sa;
+
+ /* ensure that sun_path is NUL terminated and fits */
+ size = (*sun)->sun_len - offsetof(struct sockaddr_un, sun_path);
+ len = strnlen((*sun)->sun_path, size);
+ if (len == sizeof((*sun)->sun_path))
+ return EINVAL;
+ if (len == size) {
+ if (M_TRAILINGSPACE(nam) == 0)
+ return EINVAL;
+ nam->m_len++;
+ (*sun)->sun_len++;
+ (*sun)->sun_path[len] = '\0';
+ }
+ if (pathlen != NULL)
+ *pathlen = len;
+
+ return 0;
+}
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 4aa12f06985..71e58d18943 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.c,v 1.139 2017/05/29 14:36:22 mpi Exp $ */
+/* $OpenBSD: in.c,v 1.140 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */
/*
@@ -164,6 +164,24 @@ in_len2mask(struct in_addr *mask, int len)
p[i] = (0xff00 >> (len % 8)) & 0xff;
}
+int
+in_nam2sin(const struct mbuf *nam, struct sockaddr_in **sin)
+{
+ struct sockaddr *sa = mtod(nam, struct sockaddr *);
+
+ if (nam->m_len < offsetof(struct sockaddr, sa_data))
+ return EINVAL;
+ if (sa->sa_family != AF_INET)
+ return EAFNOSUPPORT;
+ if (sa->sa_len != nam->m_len)
+ return EINVAL;
+ if (sa->sa_len != sizeof(struct sockaddr_in))
+ return EINVAL;
+ *sin = satosin(sa);
+
+ return 0;
+}
+
/*
* Generic internet control operations (ioctl's).
*/
diff --git a/sys/netinet/in.h b/sys/netinet/in.h
index 8d59a6a3e8c..68a3826459d 100644
--- a/sys/netinet/in.h
+++ b/sys/netinet/in.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.h,v 1.123 2017/05/30 07:50:37 mpi Exp $ */
+/* $OpenBSD: in.h,v 1.124 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: in.h,v 1.20 1996/02/13 23:41:47 christos Exp $ */
/*
@@ -818,6 +818,7 @@ void in_proto_cksum_out(struct mbuf *, struct ifnet *);
void in_ifdetach(struct ifnet *);
int in_mask2len(struct in_addr *);
void in_len2mask(struct in_addr *, int);
+int in_nam2sin(const struct mbuf *, struct sockaddr_in **);
char *inet_ntoa(struct in_addr);
int inet_nat64(int, const void *, void *, const void *, u_int8_t);
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 481a374be81..6027e880629 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_pcb.c,v 1.223 2017/08/04 18:16:42 bluhm Exp $ */
+/* $OpenBSD: in_pcb.c,v 1.224 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */
/*
@@ -327,12 +327,9 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p)
if (nam) {
struct sockaddr_in6 *sin6;
- sin6 = mtod(nam, struct sockaddr_in6 *);
- if (nam->m_len != sizeof(struct sockaddr_in6))
- return (EINVAL);
- if (sin6->sin6_family != AF_INET6)
- return (EAFNOSUPPORT);
+ if ((error = in6_nam2sin6(nam, &sin6)))
+ return (error);
if ((error = in6_pcbaddrisavail(inp, sin6, wild, p)))
return (error);
laddr = &sin6->sin6_addr;
@@ -346,12 +343,9 @@ in_pcbbind(struct inpcb *inp, struct mbuf *nam, struct proc *p)
if (nam) {
struct sockaddr_in *sin;
- sin = mtod(nam, struct sockaddr_in *);
- if (nam->m_len != sizeof(*sin))
- return (EINVAL);
- if (sin->sin_family != AF_INET)
- return (EAFNOSUPPORT);
+ if ((error = in_nam2sin(nam, &sin)))
+ return (error);
if ((error = in_pcbaddrisavail(inp, sin, wild, p)))
return (error);
laddr = &sin->sin_addr;
@@ -511,7 +505,7 @@ int
in_pcbconnect(struct inpcb *inp, struct mbuf *nam)
{
struct in_addr *ina = NULL;
- struct sockaddr_in *sin = mtod(nam, struct sockaddr_in *);
+ struct sockaddr_in *sin;
int error;
#ifdef INET6
@@ -521,13 +515,10 @@ in_pcbconnect(struct inpcb *inp, struct mbuf *nam)
panic("IPv6 pcb passed into in_pcbconnect");
#endif /* INET6 */
- if (nam->m_len != sizeof(*sin))
- return (EINVAL);
- if (sin->sin_family != AF_INET)
- return (EAFNOSUPPORT);
+ if ((error = in_nam2sin(nam, &sin)))
+ return (error);
if (sin->sin_port == 0)
return (EADDRNOTAVAIL);
-
error = in_pcbselsrc(&ina, sin, inp);
if (error)
return (error);
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c
index 8a14690911d..ebd835a929e 100644
--- a/sys/netinet/raw_ip.c
+++ b/sys/netinet/raw_ip.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip.c,v 1.100 2017/06/26 09:32:32 mpi Exp $ */
+/* $OpenBSD: raw_ip.c,v 1.101 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: raw_ip.c,v 1.25 1996/02/18 18:58:33 christos Exp $ */
/*
@@ -434,16 +434,10 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
case PRU_BIND:
{
- struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
+ struct sockaddr_in *addr;
- if (nam->m_len != sizeof(*addr)) {
- error = EINVAL;
- break;
- }
- if (addr->sin_family != AF_INET) {
- error = EADDRNOTAVAIL;
+ if ((error = in_nam2sin(nam, &addr)))
break;
- }
if (!((so->so_options & SO_BINDANY) ||
addr->sin_addr.s_addr == INADDR_ANY ||
addr->sin_addr.s_addr == INADDR_BROADCAST ||
@@ -457,16 +451,10 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
}
case PRU_CONNECT:
{
- struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
+ struct sockaddr_in *addr;
- if (nam->m_len != sizeof(*addr)) {
- error = EINVAL;
+ if ((error = in_nam2sin(nam, &addr)))
break;
- }
- if (addr->sin_family != AF_INET) {
- error = EAFNOSUPPORT;
- break;
- }
inp->inp_faddr = addr->sin_addr;
soisconnected(so);
break;
@@ -501,12 +489,15 @@ rip_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
}
dst.sin_addr = inp->inp_faddr;
} else {
+ struct sockaddr_in *addr;
+
if (nam == NULL) {
error = ENOTCONN;
break;
}
- dst.sin_addr =
- mtod(nam, struct sockaddr_in *)->sin_addr;
+ if ((error = in_nam2sin(nam, &addr)))
+ break;
+ dst.sin_addr = addr->sin_addr;
}
#ifdef IPSEC
/* XXX Find an IPsec TDB */
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 9700554b3ab..486b8d176e0 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp_usrreq.c,v 1.238 2017/06/26 09:32:32 mpi Exp $ */
+/* $OpenBSD: udp_usrreq.c,v 1.239 2017/08/11 19:53:02 bluhm Exp $ */
/* $NetBSD: udp_usrreq.c,v 1.28 1996/03/16 23:54:03 christos Exp $ */
/*
@@ -960,26 +960,16 @@ udp_output(struct inpcb *inp, struct mbuf *m, struct mbuf *addr,
}
if (addr) {
- sin = mtod(addr, struct sockaddr_in *);
-
- if (addr->m_len != sizeof(*sin)) {
- error = EINVAL;
- goto release;
- }
- if (sin->sin_family != AF_INET) {
- error = EAFNOSUPPORT;
+ if ((error = in_nam2sin(addr, &sin)))
goto release;
- }
if (sin->sin_port == 0) {
error = EADDRNOTAVAIL;
goto release;
}
-
if (inp->inp_faddr.s_addr != INADDR_ANY) {
error = EISCONN;
goto release;
}
-
error = in_pcbselsrc(&laddr, sin, inp);
if (error)
goto release;
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index ce28f466a5c..b83e6df6c66 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6.c,v 1.209 2017/08/08 18:15:58 florian Exp $ */
+/* $OpenBSD: in6.c,v 1.210 2017/08/11 19:53:02 bluhm Exp $ */
/* $KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $ */
/*
@@ -164,6 +164,24 @@ in6_mask2len(struct in6_addr *mask, u_char *lim0)
}
int
+in6_nam2sin6(const struct mbuf *nam, struct sockaddr_in6 **sin6)
+{
+ struct sockaddr *sa = mtod(nam, struct sockaddr *);
+
+ if (nam->m_len < offsetof(struct sockaddr, sa_data))
+ return EINVAL;
+ if (sa->sa_family != AF_INET6)
+ return EAFNOSUPPORT;
+ if (sa->sa_len != nam->m_len)
+ return EINVAL;
+ if (sa->sa_len != sizeof(struct sockaddr_in6))
+ return EINVAL;
+ *sin6 = satosin6(sa);
+
+ return 0;
+}
+
+int
in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
{
int privileged;
diff --git a/sys/netinet6/in6.h b/sys/netinet6/in6.h
index ac0120e4217..0caae1f586a 100644
--- a/sys/netinet6/in6.h
+++ b/sys/netinet6/in6.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6.h,v 1.97 2017/07/13 17:17:27 florian Exp $ */
+/* $OpenBSD: in6.h,v 1.98 2017/08/11 19:53:02 bluhm Exp $ */
/* $KAME: in6.h,v 1.83 2001/03/29 02:55:07 jinmei Exp $ */
/*
@@ -420,6 +420,7 @@ int in6_addrscope(struct in6_addr *);
struct in6_ifaddr *in6_ifawithscope(struct ifnet *, struct in6_addr *, u_int);
void in6_get_rand_ifid(struct ifnet *, struct in6_addr *);
int in6_mask2len(struct in6_addr *, u_char *);
+int in6_nam2sin6(const struct mbuf *, struct sockaddr_in6 **);
struct inpcb;
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index ae7eb146bfe..194eabf1b1b 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in6_pcb.c,v 1.99 2017/08/04 18:16:42 bluhm Exp $ */
+/* $OpenBSD: in6_pcb.c,v 1.100 2017/08/11 19:53:02 bluhm Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -244,16 +244,12 @@ int
in6_pcbconnect(struct inpcb *inp, struct mbuf *nam)
{
struct in6_addr *in6a = NULL;
- struct sockaddr_in6 *sin6 = mtod(nam, struct sockaddr_in6 *);
- int error = 0;
+ struct sockaddr_in6 *sin6;
+ int error;
struct sockaddr_in6 tmp;
- (void)&in6a; /* XXX fool gcc */
-
- if (nam->m_len != sizeof(*sin6))
- return (EINVAL);
- if (sin6->sin6_family != AF_INET6)
- return (EAFNOSUPPORT);
+ if ((error = in6_nam2sin6(nam, &sin6)))
+ return (error);
if (sin6->sin6_port == 0)
return (EADDRNOTAVAIL);
/* reject IPv4 mapped address, we have no support for it */
diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c
index 9f989ef006b..f1c44f77a49 100644
--- a/sys/netinet6/raw_ip6.c
+++ b/sys/netinet6/raw_ip6.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: raw_ip6.c,v 1.115 2017/06/26 09:32:32 mpi Exp $ */
+/* $OpenBSD: raw_ip6.c,v 1.116 2017/08/11 19:53:02 bluhm Exp $ */
/* $KAME: raw_ip6.c,v 1.69 2001/03/04 15:55:44 itojun Exp $ */
/*
@@ -609,17 +609,10 @@ rip6_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
case PRU_BIND:
{
- struct sockaddr_in6 *addr = mtod(nam, struct sockaddr_in6 *);
+ struct sockaddr_in6 *addr;
- if (nam->m_len != sizeof(*addr)) {
- error = EINVAL;
- break;
- }
- if (addr->sin6_family != AF_INET6) {
- error = EADDRNOTAVAIL;
+ if ((error = in6_nam2sin6(nam, &addr)))
break;
- }
-
/*
* Make sure to not enter in_pcblookup_local(), local ports
* are non-sensical for raw sockets.
@@ -635,18 +628,11 @@ rip6_usrreq(struct socket *so, int req, struct mbuf *m, struct mbuf *nam,
case PRU_CONNECT:
{
- struct sockaddr_in6 *addr = mtod(nam, struct sockaddr_in6 *);
+ struct sockaddr_in6 *addr;
struct in6_addr *in6a = NULL;
- if (nam->m_len != sizeof(*addr)) {
- error = EINVAL;
- break;
- }
- if (addr->sin6_family != AF_INET6) {
- error = EAFNOSUPPORT;
+ if ((error = in6_nam2sin6(nam, &addr)))
break;
- }
-
/* Source address selection. XXX: need pcblookup? */
error = in6_pcbselsrc(&in6a, addr, in6p, in6p->inp_outputopts6);
if (error)
diff --git a/sys/netinet6/udp6_output.c b/sys/netinet6/udp6_output.c
index 34f8a1c0318..ecece8ae82d 100644
--- a/sys/netinet6/udp6_output.c
+++ b/sys/netinet6/udp6_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: udp6_output.c,v 1.54 2017/05/13 17:44:38 bluhm Exp $ */
+/* $OpenBSD: udp6_output.c,v 1.55 2017/08/11 19:53:02 bluhm Exp $ */
/* $KAME: udp6_output.c,v 1.21 2001/02/07 11:51:54 itojun Exp $ */
/*
@@ -117,16 +117,10 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6,
optp = in6p->inp_outputopts6;
if (addr6) {
- struct sockaddr_in6 *sin6 = mtod(addr6, struct sockaddr_in6 *);
+ struct sockaddr_in6 *sin6;
- if (addr6->m_len != sizeof(*sin6)) {
- error = EINVAL;
- goto release;
- }
- if (sin6->sin6_family != AF_INET6) {
- error = EAFNOSUPPORT;
+ if ((error = in6_nam2sin6(addr6, &sin6)))
goto release;
- }
if (sin6->sin6_port == 0) {
error = EADDRNOTAVAIL;
goto release;
@@ -135,7 +129,6 @@ udp6_output(struct inpcb *in6p, struct mbuf *m, struct mbuf *addr6,
error = EADDRNOTAVAIL;
goto release;
}
-
if (!IN6_IS_ADDR_UNSPECIFIED(&in6p->inp_faddr6)) {
error = EISCONN;
goto release;