Date: Tue, 11 Nov 2008 15:38:34 GMT
From: Nick Hilliard <nick@foobar.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/128790: [patch] bug in IP_MINTTL setsockopt() implementation
Message-ID: <200811111538.mABFcYAh022560@muffin.acquirer.com>
Resent-Message-ID: <200811111540.mABFe14g072790@freefall.freebsd.org>
>Number: 128790
>Category: kern
>Synopsis: [patch] bug in IP_MINTTL setsockopt() implementation
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 11 15:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Nick Hilliard
>Release: FreeBSD 6.1-RELEASE i386
>Organization:
Network Ability Ltd
>Environment:
System: FreeBSD xx 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Wed May 17 11:38:53 IST 2006 nick@xxx:/data/src/usr.src/src-6.1/src/sys/i386/compile/xxx i386
>Description:
The IP_MINTTL socket option allows implementation of GTSM - RFC 5082. This is useful for BGP session security, and is implemented in OpenBGPD 4.3.

From perusing the kernel code, you can set inp->inp_ip_minttl to any value between 1 and MAXTTL (i.e. 255). These are permissible TTL values.

However, when setting up the inp structure, inp_ip_minttl will be initialised to zero. Also, there are various checks in /sys/netinet/raw_ip.c, /sys/netinet/tcp_input.c and /sys/netinet/udp_usrreq.c which only perform a MINTTL check if inp->inp_ip_minttl is set to nonzero. This suggests that zero is a valid value for inp_ip_minttl.

However, there is a bug in the implementation on {free,open,dragonfly}bsd which prevents a programmer from calling the setsockopt() IP_MINTTL with a value of zero.

Patch below to fix this behaviour.
>How-To-Repeat:
	int minttl = 0;
	ret = setsockopt (sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof(minttl));

	[expect ret == -1]
>Fix:
--- /sys/netinet/ip_output.c~ 2008-11-03 15:22:39.000000000 +0000 +++ /sys/netinet/ip_output.c 2008-11-03 15:22:39.000000000 +0000 @@ -865,7 +865,7 @@ break; case IP_MINTTL: - if (optval > 0 && optval <= MAXTTL) + if (optval >= 0 && optval <= MAXTTL) inp->inp_ip_minttl = optval; else error = EINVAL;
>Release-Note:
>Audit-Trail:
>Unformatted:
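
Review bot: the IP_MINTTL case now accepts zero through optval >= 0, but no comment at that test says what zero means to the rest of the stack. Going by the description, the checks in raw_ip.c, tcp_input.c and udp_usrreq.c are skipped when inp_ip_minttl is zero, so this value switches the minimum-TTL filter off on a socket that had it enabled. A one-line comment above the test saying so, with matching wording wherever the option is documented, would keep a later cleanup from tightening the bound back to optval > 0. Negative values and values above MAXTTL still end in error = EINVAL, which looks right.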