From owner-freebsd-net Tue Oct 10 15: 2:33 2000
Delivered-To: freebsd-net@freebsd.org
Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (Postfix) with ESMTP id 9D9DB37B502; Tue, 10 Oct 2000 15:02:29 -0700 (PDT)
Received: (from smap@localhost) by whistle.com (8.10.0/8.10.0) id e9AM2PN13554; Tue, 10 Oct 2000 15:02:25 -0700 (PDT)
Received: from bubba.whistle.com( 207.76.205.7) by whistle.com via smap (V2.0) id xma013550; Tue, 10 Oct 2000 15:02:21 -0700
Received: (from archie@localhost) by bubba.whistle.com (8.11.0/8.11.0) id e9AM2L538821; Tue, 10 Oct 2000 15:02:21 -0700 (PDT) (envelope-from archie)
From: Archie Cobbs
Message-Id: <200010102202.e9AM2L538821@bubba.whistle.com>
Subject: ip_input.c patch
To: bmilekic@freebsd.org
Date: Tue, 10 Oct 2000 15:02:21 -0700 (PDT)
Cc: freebsd-net@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL82 (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Bosko (and anyone else..),

Does this patch look appropriate to you?

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

Index: ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.141 diff -u -r1.141 ip_input.c --- ip_input.c 2000/09/14 21:06:48 1.141 +++ ip_input.c 2000/10/10 21:58:46 
@@ -338,15 +338,23 @@ goto bad; } +#if BYTE_ORDER != BIG_ENDIAN /* - * Convert fields to host representation. + * Convert fields to host representation. But first make + * sure we don't write into a multiply-referenced mbuf. */ + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) + && (m = m_pullup(m, sizeof(*ip))) == NULL) { + ipstat.ips_badhlen++; + return; + } NTOHS(ip->ip_len); + NTOHS(ip->ip_off); +#endif /* !BIG_ENDIAN */ if (ip->ip_len < hlen) { ipstat.ips_badlen++; goto bad; } - NTOHS(ip->ip_off); /* * Check that the amount of data in the buffers @@ -599,7 +607,7 @@ * Reassembly should be able to treat a mbuf cluster, for later * operation of contiguous protocol headers on the cluster. (KAME) */ - if (m->m_flags & M_EXT) { /* XXX */ + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m)) { if ((m = m_pullup(m, hlen)) == 0) { ipstat.ips_toosmall++; #ifdef IPFIREWALL_FORWARD @@ -688,6 +696,14 @@ #ifdef IPDIVERT /* Restore original checksum before diverting packet */ if (divert_info != 0) { + /* Don't overwrite multiply-referenced mbuf */ + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) + && (m = m_pullup(m, sizeof(*ip))) == NULL) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif + return; + } ip->ip_len += hlen; HTONS(ip->ip_len); HTONS(ip->ip_off); @@ -717,6 +733,15 @@ /* Clone packet if we're doing a 'tee' */ if ((divert_info & IP_FW_PORT_TEE_FLAG) != 0) clone = m_dup(m, M_DONTWAIT); + + /* Don't overwrite multiply-referenced mbuf */ + if ((m->m_flags & M_EXT) != 0 && MEXT_IS_REF(m) + && (m = m_pullup(m, sizeof(*ip))) == NULL) { +#ifdef IPFIREWALL_FORWARD + ip_fw_fwd_addr = NULL; +#endif + return; + } /* Restore packet header fields to original values */ ip->ip_len += hlen; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
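
Review bot: In the @@ -338,15 +338,23 @@ hunk, m is reassigned from m_pullup() but ip is not reloaded before NTOHS(ip->ip_len) and NTOHS(ip->ip_off), so whenever m_pullup() hands back a different mbuf the byte swaps still go through the old pointer, which is exactly the write into shared storage this change is meant to prevent. Add ip = mtod(m, struct ip *); right after the successful pullup. The failure path also counts the drop as ips_badhlen, while the pullup failure in the @@ -599 hunk counts ips_toosmall; a failed pullup is not a bad header length, so using ips_toosmall here would keep the statistics consistent. Minor: the closing comment says !BIG_ENDIAN while the condition is BYTE_ORDER != BIG_ENDIAN.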
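
Review bot: In the @@ -599,7 +607,7 @@ hunk, narrowing the test from M_EXT to M_EXT plus MEXT_IS_REF(m) changes what the pullup is for without updating the KAME comment above it. That comment justifies the pullup by reassembly needing contiguous headers when the data sits in a cluster, not by write safety, and the old line carried an XXX marker. With the new condition a fragment in an unreferenced cluster reaches reassembly without the pullup, so the patch should either state why reassembly is safe in that case and rewrite the comment accordingly, or keep the original M_EXT test here and leave the reference check to the places that actually write to the header.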
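
Review bot: In the @@ -688,6 +696,14 @@ hunk, ip->ip_len += hlen and the two HTONS() calls follow the new m_pullup() directly with no reload of ip, so if the pullup returned a different mbuf the restore is applied through the old pointer rather than to the private copy; add ip = mtod(m, struct ip *); after the check. The new early return also drops the packet without touching any ipstat counter, unlike the pullup failures in the first two hunks, which makes these drops invisible in the statistics. Since the same three-line M_EXT / MEXT_IS_REF / m_pullup test now appears in several places in this patch, a small helper or macro would keep the copies from drifting apart.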
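
Review bot: In the @@ -717,6 +733,15 @@ hunk, the new failure path returns after clone = m_dup(m, M_DONTWAIT) has already run, so in the tee case a failed m_pullup() leaks the cloned chain. Either move the reference check above the tee clone or free clone (when it is non-NULL) before the return. As in the previous hunk, ip needs to be reloaded from the new m before ip->ip_len += hlen, and the drop should be counted in ipstat.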