svn commit: r365564 - stable/12/sys/netinet

Michael Tuexen tuexen at FreeBSD.org
Thu Sep 10 11:55:46 UTC 2020


Author: tuexen
Date: Thu Sep 10 11:55:45 2020
New Revision: 365564
URL: https://svnweb.freebsd.org/changeset/base/365564

Log:
  MFC r361752:
  
  We should never allow either the broadcast or IN_ADDR_ANY to be
  connected to or sent to. This was found when working with Michael
  Tuexen and Skyzaller. Skyzaller seems to want to use either of
  these two addresses to connect to at times. And it really is
  an error to do so, so let's not allow that behavior.
  
  MFC r363256:
  (Re)-allow 0.0.0.0 to be used as an address in connect() for TCP
  In r361752 an error handling was introduced for using 0.0.0.0 or
  255.255.255.255 as the address in connect() for TCP, since both
  addresses can't be used. However, the stack maps 0.0.0.0 implicitly
  to a local address and at least two regressions were reported.
  Therefore, re-allow the usage of 0.0.0.0.
  While there, change the error indicated when using 255.255.255.255
  from EAFNOSUPPORT to EACCES as mentioned in the man-page of connect().

Modified:
  stable/12/sys/netinet/tcp_usrreq.c
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/sys/netinet/tcp_usrreq.c
==============================================================================
--- stable/12/sys/netinet/tcp_usrreq.c	Thu Sep 10 11:46:36 2020	(r365563)
+++ stable/12/sys/netinet/tcp_usrreq.c	Thu Sep 10 11:55:45 2020	(r365564)
@@ -543,6 +543,9 @@ tcp_usr_connect(struct socket *so, struct sockaddr *na
 	if (sinp->sin_family == AF_INET
 	    && IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
 		return (EAFNOSUPPORT);
+	if ((sinp->sin_family == AF_INET) &&
+	    (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST))
+		return (EACCES);
 	if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
 		return (error);
 
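Review bot: the new test in tcp_usr_connect() matches only INADDR_BROADCAST, so it covers 255.255.255.255 and nothing else, and it returns EACCES while the multicast test directly above it returns EAFNOSUPPORT. The log explains the errno choice, but a one-line comment at the check pointing to connect(2) would stop someone from later "harmonizing" the two return values. Style point: the neighbouring condition puts && at the start of the continuation line without extra parentheses, while the added one uses a trailing && and fully parenthesized operands; matching the surrounding form would read more consistently.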
@@ -639,6 +642,10 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *n
 			error = EAFNOSUPPORT;
 			goto out;
 		}
+		if (ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) {
+			error = EACCES;
+			goto out;
+		}
 		if ((error = prison_remote_ip4(td->td_ucred,
 		    &sin.sin_addr)) != 0)
 			goto out;
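Review bot: the broadcast test added to tcp6_usr_connect() is a second copy of the one in tcp_usr_connect(), and tcp_usr_send() receives a third. A small helper that takes the struct in_addr and returns the errno for a multicast or broadcast destination (0 otherwise) would keep the three paths in sync, so that a future change to the errno or to the set of rejected addresses cannot be applied to one path and missed in another.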
@@ -994,6 +1001,12 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf
 				if (m)
 					m_freem(m);
 				error = EAFNOSUPPORT;
+				goto out;
+			}
+			if (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) {
+				if (m)
+					m_freem(m);
+				error = EACCES;
 				goto out;
 			}
 			if ((error = prison_remote_ip4(td->td_ucred,
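Review bot: in tcp_usr_send() the broadcast branch repeats the "if (m) m_freem(m);" cleanup of the multicast branch above it, with only the errno differing; setting error in each branch and sharing one free-and-exit path would remove the duplicated mbuf handling and the chance of a later branch forgetting the free. The commit modifies only tcp_usrreq.c, so a regression test asserting that 255.255.255.255 yields EACCES and that 0.0.0.0 is not rejected with it would guard against the regressions the log mentions.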

