diff options
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 738aa05f777..9024da00980 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.417 2004/01/05 18:41:47 dhartmei Exp $ */ +/* $OpenBSD: pf.c,v 1.418 2004/01/06 20:24:33 dhartmei Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -5361,6 +5361,12 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0) action = PF_DROP; goto done; } + if (uh.uh_dport == 0 || + ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || + ntohs(uh.uh_ulen) < sizeof(struct udphdr)) { + action = PF_DROP; + goto done; + } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC @@ -5678,6 +5684,12 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0) action = PF_DROP; goto done; } + if (uh.uh_dport == 0 || + ntohs(uh.uh_ulen) > m->m_pkthdr.len - off || + ntohs(uh.uh_ulen) < sizeof(struct udphdr)) { + action = PF_DROP; + goto done; + } action = pf_test_state_udp(&s, dir, kif, m, off, h, &pd); if (action == PF_PASS) { #if NPFSYNC |