From owner-svn-src-all@freebsd.org Thu Oct 24 20:22:53 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4330F1598CF; Thu, 24 Oct 2019 20:22:53 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46zdwF0LHVz4Zfm; Thu, 24 Oct 2019 20:22:53 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E36C81BA13; Thu, 24 Oct 2019 20:22:52 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x9OKMq1e049629; Thu, 24 Oct 2019 20:22:52 GMT (envelope-from bz@FreeBSD.org) Received: (from bz@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x9OKMqjA049628; Thu, 24 Oct 2019 20:22:52 GMT (envelope-from bz@FreeBSD.org) Message-Id: <201910242022.x9OKMqjA049628@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bz set sender to bz@FreeBSD.org using -f From: "Bjoern A. Zeeb" Date: Thu, 24 Oct 2019 20:22:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354046 - head/sys/netinet6 X-SVN-Group: head X-SVN-Commit-Author: bz X-SVN-Commit-Paths: head/sys/netinet6 X-SVN-Commit-Revision: 354046 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Oct 2019 20:22:53 -0000 Author: bz Date: Thu Oct 24 20:22:52 2019 New Revision: 354046 URL: https://svnweb.freebsd.org/changeset/base/354046 Log: frag6: handling of overlapping fragments to conform to RFC 8200 While the comment was updated in r350746, the code was not. RFC8200 says that unless fragment overlaps are exact (same fragment twice) not only the current fragment but the entire reassembly queue for this packet must be silently discarded, which we now do if fragment offset and fragment length do not match. Obtained from: jtl MFC after: 3 weeks Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D16850 Modified: head/sys/netinet6/frag6.c Modified: head/sys/netinet6/frag6.c ============================================================================== --- head/sys/netinet6/frag6.c Thu Oct 24 20:08:33 2019 (r354045) +++ head/sys/netinet6/frag6.c Thu Oct 24 20:22:52 2019 (r354046) @@ -712,6 +712,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto) if (af6tmp != NULL) { if (af6tmp->ip6af_off + af6tmp->ip6af_frglen - ip6af->ip6af_off > 0) { + if (af6tmp->ip6af_off != ip6af->ip6af_off || + af6tmp->ip6af_frglen != ip6af->ip6af_frglen) + frag6_freef(q6, bucket); free(ip6af, M_FRAG6); goto dropfrag; } @@ -719,6 +722,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto) if (af6 != NULL) { if (ip6af->ip6af_off + ip6af->ip6af_frglen - af6->ip6af_off > 0) { + if (af6->ip6af_off != ip6af->ip6af_off || + af6->ip6af_frglen != ip6af->ip6af_frglen) + frag6_freef(q6, bucket); free(ip6af, M_FRAG6); goto dropfrag; }