svn commit: r354046 - head/sys/netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Thu Oct 24 20:22:53 UTC 2019
Author: bz
Date: Thu Oct 24 20:22:52 2019
New Revision: 354046
URL: https://svnweb.freebsd.org/changeset/base/354046
Log:
frag6: handling of overlapping fragments to conform to RFC 8200
While the comment was updated in r350746, the code was not.
RFC8200 says that unless fragment overlaps are exact (same fragment
twice) not only the current fragment but the entire reassembly queue
for this packet must be silently discarded, which we now do if
fragment offset and fragment length do not match.
Obtained from: jtl
MFC after: 3 weeks
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16850
Modified:
head/sys/netinet6/frag6.c
Modified: head/sys/netinet6/frag6.c
==============================================================================
--- head/sys/netinet6/frag6.c Thu Oct 24 20:08:33 2019 (r354045)
+++ head/sys/netinet6/frag6.c Thu Oct 24 20:22:52 2019 (r354046)
@@ -712,6 +712,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
if (af6tmp != NULL) {
if (af6tmp->ip6af_off + af6tmp->ip6af_frglen -
ip6af->ip6af_off > 0) {
+ if (af6tmp->ip6af_off != ip6af->ip6af_off ||
+ af6tmp->ip6af_frglen != ip6af->ip6af_frglen)
+ frag6_freef(q6, bucket);
free(ip6af, M_FRAG6);
goto dropfrag;
}
@@ -719,6 +722,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
if (af6 != NULL) {
if (ip6af->ip6af_off + ip6af->ip6af_frglen -
af6->ip6af_off > 0) {
+ if (af6->ip6af_off != ip6af->ip6af_off ||
+ af6->ip6af_frglen != ip6af->ip6af_frglen)
+ frag6_freef(q6, bucket);
free(ip6af, M_FRAG6);
goto dropfrag;
}
More information about the svn-src-all
mailing list