svn commit: r339091 - head/sys/netinet6
Bjoern A. Zeeb
bz at FreeBSD.org
Tue Oct 2 17:29:57 UTC 2018
Author: bz
Date: Tue Oct 2 17:29:56 2018
New Revision: 339091
URL: https://svnweb.freebsd.org/changeset/base/339091
Log:
After r338257 is was possible to trigger a KASSERT() in ud6_output()
using an application trying to use a v4mapped destination address on a
kernel without INET support or on a v6only socket.
Catch this case and prevent the packet from going anywhere;
else, without the KASSERT() armed, a v4mapped destination
address might go out on the wire or other undefined behaviour
might happen, while with the KASSERT() we panic.
PR: 231728
Reported by: Jeremy Faulkner (gldisater gmail.com)
Approved by: re (kib)
Modified:
head/sys/netinet6/udp6_usrreq.c
Modified: head/sys/netinet6/udp6_usrreq.c
==============================================================================
--- head/sys/netinet6/udp6_usrreq.c Tue Oct 2 17:27:10 2018 (r339090)
+++ head/sys/netinet6/udp6_usrreq.c Tue Oct 2 17:29:56 2018 (r339091)
@@ -784,8 +784,20 @@ udp6_output(struct socket *so, int flags_arg, struct m
return ((*pru->pru_send)(so, flags_arg, m,
(struct sockaddr *)sin6, control, td));
}
- }
+ } else
#endif
+ if (sin6 && IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
+ /*
+ * Given this is either an IPv6-only socket or no INET is
+ * supported we will fail the send if the given destination
+ * address is a v4mapped address.
+ */
+ if (unlock_inp == UH_WLOCKED)
+ INP_WUNLOCK(inp);
+ else
+ INP_RUNLOCK(inp);
+ return (EINVAL);
+ }
if (control) {
if ((error = ip6_setpktopts(control, &opt,
More information about the svn-src-head
mailing list