Date: Tue, 2 Oct 2018 17:29:56 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r339091 - head/sys/netinet6 Message-ID: <201810021729.w92HTuS2072263@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bz Date: Tue Oct 2 17:29:56 2018 New Revision: 339091 URL: https://svnweb.freebsd.org/changeset/base/339091 Log: After r338257 is was possible to trigger a KASSERT() in ud6_output() using an application trying to use a v4mapped destination address on a kernel without INET support or on a v6only socket. Catch this case and prevent the packet from going anywhere; else, without the KASSERT() armed, a v4mapped destination address might go out on the wire or other undefined behaviour might happen, while with the KASSERT() we panic. PR: 231728 Reported by: Jeremy Faulkner (gldisater gmail.com) Approved by: re (kib) Modified: head/sys/netinet6/udp6_usrreq.c Modified: head/sys/netinet6/udp6_usrreq.c ============================================================================== --- head/sys/netinet6/udp6_usrreq.c Tue Oct 2 17:27:10 2018 (r339090) +++ head/sys/netinet6/udp6_usrreq.c Tue Oct 2 17:29:56 2018 (r339091) @@ -784,8 +784,20 @@ udp6_output(struct socket *so, int flags_arg, struct m return ((*pru->pru_send)(so, flags_arg, m, (struct sockaddr *)sin6, control, td)); } - } + } else #endif + if (sin6 && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) { + /* + * Given this is either an IPv6-only socket or no INET is + * supported we will fail the send if the given destination + * address is a v4mapped address. + */ + if (unlock_inp == UH_WLOCKED) + INP_WUNLOCK(inp); + else + INP_RUNLOCK(inp); + return (EINVAL); + } if (control) { if ((error = ip6_setpktopts(control, &opt,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810021729.w92HTuS2072263>