git: 59f3eb3b71d5 - stable/14 - netinet: Explicitly disallow connections to the unspecified address
Date: Fri, 20 Sep 2024 11:39:57 UTC
The branch stable/14 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=59f3eb3b71d5df21882ed95d99ac10911f305b81
commit 59f3eb3b71d5df21882ed95d99ac10911f305b81
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-08-29 13:11:15 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-09-20 11:39:16 +0000
netinet: Explicitly disallow connections to the unspecified address
If the V_connect_ifaddr_wild sysctl says that we shouldn't infer a
destination address, return an error. Otherwise it's possible for use
of an unspecified foreign address to trigger a subsequent assertion
failure, for example in in_pcblookup_hash_locked().
Similarly, if no interface addresses are assigned, fail quickly upon an
attempt to connect to the unspecified address.
Reported by: Shawn Webb <shawn.webb@hardenedbsd.org>
MFC after: 2 weeks
Reviewed by: zlei, allanjude, emaste
Differential Revision: https://reviews.freebsd.org/D46454
(cherry picked from commit 0c605af3f9d9e66be6af0a3bbc36dbedc5dfe516)
---
sys/netinet/in_pcb.c | 2 ++
sys/netinet6/in6_pcb.c | 3 +++
2 files changed, 5 insertions(+)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 28cd64ccbde6..f6904690deab 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1338,6 +1338,8 @@ in_pcbconnect_setup(struct inpcb *inp, struct sockaddr_in *sin,
faddr = satosin(&CK_STAILQ_FIRST(
&V_in_ifaddrhead)->ia_broadaddr)->sin_addr;
}
+ } else if (faddr.s_addr == INADDR_ANY) {
+ return (ENETUNREACH);
}
if (laddr.s_addr == INADDR_ANY) {
error = in_pcbladdr(inp, &faddr, &laddr, cred);
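Review bot: the new `else if (faddr.s_addr == INADDR_ANY)` branch in in_pcbconnect_setup() returns ENETUNREACH without a comment, and the condition it is the else of lies outside the hunk context, so a reader of the function cannot tell which case is being rejected or why. A one-line comment above the return, stating that an unspecified foreign address must not reach the later lookup (the commit message names the assertion in in_pcblookup_hash_locked()), would keep the reason next to the code. The diffstat lists only the two .c files, so a regression test that calls connect() on INADDR_ANY in this configuration and expects ENETUNREACH would be worth adding alongside.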
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index 8046e0fa530d..f7f2ea0b8699 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -370,7 +370,10 @@ in6_pcbladdr(struct inpcb *inp, struct sockaddr_in6 *sin6,
*/
if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr))
sin6->sin6_addr = in6addr_loopback;
+ } else if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) {
+ return (ENETUNREACH);
}
+
if ((error = prison_remote_ip6(inp->inp_cred, &sin6->sin6_addr)) != 0)
return (error);
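Review bot: the IPv6 rejection is placed in in6_pcbladdr(), a different layer from the IPv4 check in in_pcbconnect_setup() (per the two hunk headers), so any caller of in6_pcbladdr() that does not take the preceding branch now gets ENETUNREACH for an unspecified sin6_addr. Worth confirming that this is intended for every caller and saying so in the comment block that ends just above the loopback substitution. The check also runs before prison_remote_ip6(), so the unspecified address is refused before the jail check sees it, which is the ordering you want. The added blank line after the closing brace is an unrelated whitespace change.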