diff options
-rw-r--r-- | sys/netinet/ip_ah.h | 3 | ||||
-rw-r--r-- | sys/netinet/ip_ah_new.c | 13 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 13 | ||||
-rw-r--r-- | sys/netinet/ip_esp.h | 3 | ||||
-rw-r--r-- | sys/netinet/ip_esp_new.c | 11 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 14 |
6 files changed, 48 insertions, 9 deletions
diff --git a/sys/netinet/ip_ah.h b/sys/netinet/ip_ah.h index 1e19c80a32d..1df84dbb1b5 100644 --- a/sys/netinet/ip_ah.h +++ b/sys/netinet/ip_ah.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.h,v 1.12 1998/05/18 21:10:31 provos Exp $ */ +/* $OpenBSD: ip_ah.h,v 1.13 1998/11/25 02:01:28 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -86,6 +86,7 @@ struct ahstat u_int32_t ahs_invalid; /* Trying to use an invalid TDB */ u_int64_t ahs_ibytes; /* input bytes */ u_int64_t ahs_obytes; /* output bytes */ + u_int32_t ahs_toobig; /* packet got larger than IP_MAXPACKET */ }; #define AH_HMAC_HASHLEN 12 /* 96 bits of authenticator */ diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c index ed8a442d0ce..1b4dd48ca7f 100644 --- a/sys/netinet/ip_ah_new.c +++ b/sys/netinet/ip_ah_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_new.c,v 1.18 1998/06/03 09:50:18 provos Exp $ */ +/* $OpenBSD: ip_ah_new.c,v 1.19 1998/11/25 02:01:27 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -568,7 +568,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, DPRINTF(("ah_new_output(): m_pullup() failed, SA &x/%08x\n", tdb->tdb_dst, ntohl(tdb->tdb_spi))); ahstat.ahs_hdrops++; - return NULL; + return ENOBUFS; } ip = mtod(m, struct ip *); @@ -583,6 +583,15 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, ilen = ntohs(ip->ip_len); ohlen = AH_NEW_FLENGTH; + if (ohlen + ilen > IP_MAXPACKET) { + if (encdebug) + log(LOG_ALERT, + "ah_new_output(): packet in SA %x/%0x8 got too big\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi)); + m_freem(m); + ahstat.ahs_toobig++; + return ENOBUFS; + } ipo.ip_v = IPVERSION; ipo.ip_hl = ip->ip_hl; diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c index 2b4bd0d3fb1..25f5883c055 100644 --- a/sys/netinet/ip_ah_old.c +++ b/sys/netinet/ip_ah_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_old.c,v 1.15 1998/06/03 09:50:19 provos Exp $ */ +/* $OpenBSD: ip_ah_old.c,v 1.16 1998/11/25 02:01:26 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -473,7 +473,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, DPRINTF(("ah_old_output(): m_pullup() failed, SA &x/%08x\n", tdb->tdb_dst, ntohl(tdb->tdb_spi))); ahstat.ahs_hdrops++; - return NULL; + return ENOBUFS; } ip = mtod(m, struct ip *); @@ -488,6 +488,15 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, ilen = ntohs(ip->ip_len); ohlen = AH_OLD_FLENGTH + alen; + if (ohlen + ilen > IP_MAXPACKET) { + if (encdebug) + log(LOG_ALERT, + "ah_old_output(): packet in SA %x/%0x8 got too big\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi)); + m_freem(m); + ahstat.ahs_toobig++; + return ENOBUFS; + } ipo.ip_v = IPVERSION; ipo.ip_hl = ip->ip_hl; diff --git a/sys/netinet/ip_esp.h b/sys/netinet/ip_esp.h index 31fa69160e0..75ba8bf53aa 100644 --- a/sys/netinet/ip_esp.h +++ b/sys/netinet/ip_esp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.h,v 1.17 1998/05/18 21:10:41 provos Exp $ */ +/* $OpenBSD: ip_esp.h,v 1.18 1998/11/25 02:01:28 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -117,6 +117,7 @@ struct espstat u_int32_t esps_invalid; /* Trying to use an invalid TDB */ u_int64_t esps_ibytes; /* input bytes */ u_int64_t esps_obytes; /* output bytes */ + u_int32_t esps_toobig; /* packet got larger than IP_MAXPACKET */ }; struct esp_old_xdata diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index 4459236771b..3b8f386146e 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.25 1998/11/25 01:02:59 niklas Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.26 1998/11/25 02:01:27 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -933,6 +933,15 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, /* Raw payload length */ rlen = ilen - iphlen; padding = ((blks - ((rlen + 2) % blks)) % blks) + 2; + if (iphlen + ohlen + rlen + padding + alen > IP_MAXPACKET) { + if (encdebug) + log(LOG_ALERT, + "esp_new_output(): packet in SA %x/%0x8 got too big\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi)); + m_freem(m); + espstat.esps_toobig++; + return ENOBUFS; + } pad = (u_char *) m_pad(m, padding + alen); if (pad == NULL) diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c index f93d89259cf..02f80af4678 100644 --- a/sys/netinet/ip_esp_old.c +++ b/sys/netinet/ip_esp_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_old.c,v 1.20 1998/07/30 08:41:21 provos Exp $ */ +/* $OpenBSD: ip_esp_old.c,v 1.21 1998/11/25 02:01:27 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -624,8 +624,18 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, ipo = *ip; nh = ipo.ip_p; - rlen = ilen - iphlen; /* raw payload length */ + /* Raw payload length */ + rlen = ilen - iphlen; padding = ((blks - ((rlen + 2) % blks)) % blks) + 2; + if (iphlen + ohlen + rlen + padding > IP_MAXPACKET) { + if (encdebug) + log(LOG_ALERT, + "esp_old_output(): packet in SA %x/%0x8 got too big\n", + tdb->tdb_dst, ntohl(tdb->tdb_spi)); + m_freem(m); + espstat.esps_toobig++; + return ENOBUFS; + } pad = (u_char *) m_pad(m, padding); if (pad == NULL) |