Date: Thu, 10 Sep 2020 11:55:45 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r365564 - stable/12/sys/netinet Message-ID: <202009101155.08ABtjTq020175@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Thu Sep 10 11:55:45 2020 New Revision: 365564 URL: https://svnweb.freebsd.org/changeset/base/365564 Log: MFC r361752: We should never allow either the broadcast or IN_ADDR_ANY to be connected to or sent to. This was fond when working with Michael Tuexen and Skyzaller. Skyzaller seems to want to use either of these two addresses to connect to at times. And it really is an error to do so, so lets not allow that behavior. MFC r363256: (Re)-allow 0.0.0.0 to be used as an address in connect() for TCP In r361752 an error handling was introduced for using 0.0.0.0 or 255.255.255.255 as the address in connect() for TCP, since both addresses can't be used. However, the stack maps 0.0.0.0 implicitly to a local address and at least two regressions were reported. Therefore, re-allow the usage of 0.0.0.0. While there, change the error indicated when using 255.255.255.255 from EAFNOSUPPORT to EACCES as mentioned in the man-page of connect(). Modified: stable/12/sys/netinet/tcp_usrreq.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netinet/tcp_usrreq.c ============================================================================== --- stable/12/sys/netinet/tcp_usrreq.c Thu Sep 10 11:46:36 2020 (r365563) +++ stable/12/sys/netinet/tcp_usrreq.c Thu Sep 10 11:55:45 2020 (r365564) @@ -543,6 +543,9 @@ tcp_usr_connect(struct socket *so, struct sockaddr *na if (sinp->sin_family == AF_INET && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) return (EAFNOSUPPORT); + if ((sinp->sin_family == AF_INET) && + (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST)) + return (EACCES); if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0) return (error); @@ -639,6 +642,10 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *n error = EAFNOSUPPORT; goto out; } + if (ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) { + error = EACCES; + goto out; + } if ((error = prison_remote_ip4(td->td_ucred, &sin.sin_addr)) != 0) goto out; @@ -994,6 +1001,12 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf if (m) m_freem(m); error = EAFNOSUPPORT; + goto out; + } + if (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) { + if (m) + m_freem(m); + error = EACCES; goto out; } if ((error = prison_remote_ip4(td->td_ucred,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009101155.08ABtjTq020175>