Date: Fri, 15 May 2020 14:06:37 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r361081 - head/sys/netinet Message-ID: <202005151406.04FE6bmZ028617@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Fri May 15 14:06:37 2020 New Revision: 361081 URL: https://svnweb.freebsd.org/changeset/base/361081 Log: Allow only IPv4 addresses in sendto() for TCP on AF_INET sockets. This problem was found by looking at syzkaller reproducers for some other problems. Reviewed by: rrs Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D24831 Modified: head/sys/netinet/tcp_usrreq.c Modified: head/sys/netinet/tcp_usrreq.c ============================================================================== --- head/sys/netinet/tcp_usrreq.c Fri May 15 14:00:12 2020 (r361080) +++ head/sys/netinet/tcp_usrreq.c Fri May 15 14:06:37 2020 (r361081) @@ -1037,6 +1037,12 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf error = EINVAL; goto out; } + if ((inp->inp_vflag & INP_IPV6PROTO) == 0) { + if (m != NULL) + m_freem(m); + error = EAFNOSUPPORT; + goto out; + } if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) { if (m) m_freem(m);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005151406.04FE6bmZ028617>