svn commit: r365564 - stable/12/sys/netinet
Michael Tuexen
tuexen at FreeBSD.org
Thu Sep 10 11:55:46 UTC 2020
Author: tuexen
Date: Thu Sep 10 11:55:45 2020
New Revision: 365564
URL: https://svnweb.freebsd.org/changeset/base/365564
Log:
MFC r361752:
We should never allow either the broadcast or IN_ADDR_ANY to be
connected to or sent to. This was fond when working with Michael
Tuexen and Skyzaller. Skyzaller seems to want to use either of
these two addresses to connect to at times. And it really is
an error to do so, so lets not allow that behavior.
MFC r363256:
(Re)-allow 0.0.0.0 to be used as an address in connect() for TCP
In r361752 an error handling was introduced for using 0.0.0.0 or
255.255.255.255 as the address in connect() for TCP, since both
addresses can't be used. However, the stack maps 0.0.0.0 implicitly
to a local address and at least two regressions were reported.
Therefore, re-allow the usage of 0.0.0.0.
While there, change the error indicated when using 255.255.255.255
from EAFNOSUPPORT to EACCES as mentioned in the man-page of connect().
Modified:
stable/12/sys/netinet/tcp_usrreq.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netinet/tcp_usrreq.c
==============================================================================
--- stable/12/sys/netinet/tcp_usrreq.c Thu Sep 10 11:46:36 2020 (r365563)
+++ stable/12/sys/netinet/tcp_usrreq.c Thu Sep 10 11:55:45 2020 (r365564)
@@ -543,6 +543,9 @@ tcp_usr_connect(struct socket *so, struct sockaddr *na
if (sinp->sin_family == AF_INET
&& IN_MULTICAST(ntohl(sinp->sin_addr.s_addr)))
return (EAFNOSUPPORT);
+ if ((sinp->sin_family == AF_INET) &&
+ (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST))
+ return (EACCES);
if ((error = prison_remote_ip4(td->td_ucred, &sinp->sin_addr)) != 0)
return (error);
@@ -639,6 +642,10 @@ tcp6_usr_connect(struct socket *so, struct sockaddr *n
error = EAFNOSUPPORT;
goto out;
}
+ if (ntohl(sin.sin_addr.s_addr) == INADDR_BROADCAST) {
+ error = EACCES;
+ goto out;
+ }
if ((error = prison_remote_ip4(td->td_ucred,
&sin.sin_addr)) != 0)
goto out;
@@ -994,6 +1001,12 @@ tcp_usr_send(struct socket *so, int flags, struct mbuf
if (m)
m_freem(m);
error = EAFNOSUPPORT;
+ goto out;
+ }
+ if (ntohl(sinp->sin_addr.s_addr) == INADDR_BROADCAST) {
+ if (m)
+ m_freem(m);
+ error = EACCES;
goto out;
}
if ((error = prison_remote_ip4(td->td_ucred,
More information about the svn-src-all
mailing list