Date: Tue, 21 Oct 2014 20:20:26 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r273413 - stable/8/sbin/routed Message-ID: <201410212020.s9LKKQUb069598@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Tue Oct 21 20:20:26 2014 New Revision: 273413 URL: https://svnweb.freebsd.org/changeset/base/273413 Log: Fix routed(8) remote denial of service vulnerability. [SA-14:21] Modified: stable/8/sbin/routed/input.c Modified: stable/8/sbin/routed/input.c ============================================================================== --- stable/8/sbin/routed/input.c Tue Oct 21 20:20:17 2014 (r273412) +++ stable/8/sbin/routed/input.c Tue Oct 21 20:20:26 2014 (r273413) @@ -288,6 +288,10 @@ input(struct sockaddr_in *from, /* rece /* Answer a query from a utility program * with all we know. */ + if (aifp == NULL) { + trace_pkt("ignore remote query"); + return; + } if (from->sin_port != htons(RIP_PORT)) { supply(from, aifp, OUT_QUERY, 0, rip->rip_vers, ap != 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410212020.s9LKKQUb069598>