in6: Fix DoS on INET6 w/ SIOCSIFADDR or SIOCSIFDSTADDR
authorSepherosa Ziehau <sephe@dragonflybsd.org>
Thu, 12 Sep 2013 02:36:40 +0000 (10:36 +0800)
committerSepherosa Ziehau <sephe@dragonflybsd.org>
Thu, 12 Sep 2013 02:37:12 +0000 (10:37 +0800)
For reference:
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/in6.c?rev=1.104&content-type=text/x-cvsweb-markup&only_with_tag=MAIN

DragonFly-bug: http://bugs.dragonflybsd.org/issues/2581

sys/netinet6/in6.c

index b38f3ce..a8541e2 100644 (file)
@@ -609,6 +609,14 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
                        *((struct in6_ifextra *)ifp->if_afdata[AF_INET6])->icmp6_ifstat;
                break;
 
+       case SIOCSIFADDR:
+       case SIOCSIFDSTADDR:
+               /*
+                * Do not pass those ioctl to driver handler since they are not
+                * properly setup.  Instead just error out.
+                */
+               return (EOPNOTSUPP);
+               
        case SIOCGIFALIFETIME_IN6:
                ifr->ifr_ifru.ifru_lifetime = ia->ia6_lifetime;
                break;