svn commit: r249903 - head/sys/netinet

Adrian Chadd adrian at freebsd.org
Thu Apr 25 18:33:35 UTC 2013


.. is it possible to trigger a remote DoS through mbuf exhaustion
somehow by exploiting this?



Adrian

On 25 April 2013 10:38, Gleb Smirnoff <glebius at freebsd.org> wrote:
> Author: glebius
> Date: Thu Apr 25 17:38:04 2013
> New Revision: 249903
> URL: http://svnweb.freebsd.org/changeset/base/249903
>
> Log:
>   Fix couple of mbuf leaks in incoming ARP processing.
>
> Modified:
>   head/sys/netinet/if_ether.c
>
> Modified: head/sys/netinet/if_ether.c
> ==============================================================================
> --- head/sys/netinet/if_ether.c Thu Apr 25 17:27:13 2013       (r249902)
> +++ head/sys/netinet/if_ether.c Thu Apr 25 17:38:04 2013        (r249903)
> @@ -558,13 +558,13 @@ in_arpinput(struct mbuf *m)
>         if (ah->ar_pln != sizeof(struct in_addr)) {
>                 log(LOG_NOTICE, "in_arp: requested protocol length != %zu\n",
>                     sizeof(struct in_addr));
> -               return;
> +               goto drop;
>         }
>
>         if (allow_multicast == 0 && ETHER_IS_MULTICAST(ar_sha(ah))) {
>                 log(LOG_NOTICE, "arp: %*D is multicast\n",
>                     ifp->if_addrlen, (u_char *)ar_sha(ah), ":");
> -               return;
> +               goto drop;
>         }
>
>         op = ntohs(ah->ar_op);
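
Review bot: The `drop` label that both changed branches now jump to (the `ar_pln` length check and the `ETHER_IS_MULTICAST(ar_sha(ah))` check) is outside this hunk's context, so it cannot be confirmed from here that `m` is freed exactly once. Please verify that `drop` ends in `m_freem(m)` and that no path reaching these branches has already freed or handed off `m`. Both conditions test fields of the received ARP header, and each branch also calls `log(LOG_NOTICE, ...)` once per packet, so it is worth auditing the remaining bare `return` statements in `in_arpinput` for the same leak and considering a rate limit on these two messages. The message prefixes also differ (`in_arp:` vs `arp:`); a single form would make log filtering easier.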

