Date: Wed, 3 Jun 2020 07:35:20 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To: Randall Stewart <rrs@freebsd.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r361752 - head/sys/netinet
Message-ID: <202006031435.053EZKdm021829@gndrsh.dnsmgr.net>
In-Reply-To: <202006031416.053EGem7005706@repo.freebsd.org>
> Author: rrs
> Date: Wed Jun 3 14:16:40 2020
> New Revision: 361752
> URL: https://svnweb.freebsd.org/changeset/base/361752
>
> Log:
>   We should never allow either the broadcast or IN_ADDR_ANY to be
>   connected to or sent to. This was found when working with Michael
>   Tuexen and Skyzaller. Skyzaller seems to want to use either of
>   these two addresses to connect to at times. And it really is
>   an error to do so, so let's not allow that behavior.

It would be preferable if possible to use the macros from netinet/in.h.
#define INADDR_ANY ((in_addr_t)0x00000000)
#define in_nullhost(x) ((x).s_addr == INADDR_ANY)

There is an in_broadcast, but that's a function doing a more complicated
test checking for all possible local broadcast addresses, which may
be what you really want to do here.

I am also finding it odd that we need to do this at the TCP layer,
there should already be stuff in place that prevents this from
occurring at the IP layer. I guess this stuff is set up and ends
up in a tcb, that later fails when it goes to xmit a packet?

>
>   Sponsored by: Netflix Inc.
>   Differential Revision: https://reviews.freebsd.org/D24852
>
> Modified:
>   head/sys/netinet/tcp_usrreq.c
>
> Modified: head/sys/netinet/tcp_usrreq.c > ============================================================================== > --- head/sys/netinet/tcp_usrreq.c Wed Jun 3 14:07:31 2020 (r361751) > +++ head/sys/netinet/tcp_usrreq.c Wed Jun 3 14:16:40 2020 (r361752) > @@ -552,6 +552,10 @@ tcp_usr_connect(struct socket *so, struct sockaddr *na > if (sinp->sin_family == AF_INET > && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) > return (EAFNOSUPPORT); > + if ((sinp->sin_family == AF_INET) && > + ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) || > + (sinp->sin_addr.s_addr == INADDR_ANY))) > + return(EAFNOSUPPORT); > if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0) > return (error); 
> > @@ -652,6 +656,11 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *n > error = EAFNOSUPPORT; > goto out; > } > + if ((ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) || > + (sin.sin_addr.s_addr == INADDR_ANY)) { > + error = EAFNOSUPPORT; > + goto out; > + } > if ((error = prison_remote_ip4(td->td_ucred, > &sin.sin_addr)) != 0) > goto out; > @@ -1019,6 +1028,13 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf > goto out; > } > if (IN_MULTICAST(ntohl(sinp->sin_addr.s_addr))) { > + if (m) > + m_freem(m); > + error = EAFNOSUPPORT; > + goto out; > + } > + if ((ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) || > + (sinp->sin_addr.s_addr == INADDR_ANY)) { > if (m) > m_freem(m); > error = EAFNOSUPPORT; > -- Rod Grimes rgrimes@freebsd.org
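Review bot: In the tcp_usr_connect hunk (@@ -552,6 +552,10 @@) the added return(EAFNOSUPPORT); is missing the space that the neighbouring return (EAFNOSUPPORT); and return (error); lines use, and the two address tests are written inconsistently: INADDR_BROADCAST is compared after ntohl() while INADDR_ANY is compared against the raw s_addr. All-ones and all-zeros read the same in either byte order, so the result is correct, but the mix looks like an oversight to the next reader. Suggest in_nullhost(sinp->sin_addr) for the zero test, as the reply proposes, and dropping the extra parentheses around the sin_family comparison so it matches the multicast check just above it.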
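Review bot: The test added to tcp6_usr_connect (@@ -652,6 +656,11 @@) matches only INADDR_BROADCAST, that is 255.255.255.255, so a directed broadcast address of an attached subnet still passes it even though the log message says the broadcast address should never be connected to. If that case is meant to be covered here, a test along the lines of the in_broadcast() function mentioned in the reply is needed; if it is deliberately left to the lower layers, a one-line comment above the new if saying so would answer the question before it is asked. The same applies to the matching tests in the other two hunks.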
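Review bot: In the tcp_usr_send hunk (@@ -1019,6 +1028,13 @@) the new branch repeats the multicast branch's cleanup (if (m) m_freem(m); error = EAFNOSUPPORT; goto out;) line for line, leaving two copies of the same exit sequence to keep in sync. Folding the INADDR_BROADCAST and INADDR_ANY tests into the existing IN_MULTICAST condition with || would keep a single copy of the mbuf free and error path and make it clear that all three address classes are rejected the same way.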