Apply FreeBSD Security Advisory FreeBSD-SA-03:14.arp. Fix DOS crash due
authorMatthew Dillon <dillon@dragonflybsd.org>
Thu, 25 Sep 2003 02:22:23 +0000 (02:22 +0000)
committerMatthew Dillon <dillon@dragonflybsd.org>
Thu, 25 Sep 2003 02:22:23 +0000 (02:22 +0000)
to arp starvation.

sys/netinet/if_ether.c

index 6c7ae07..86df5f5 100644 (file)
@@ -32,7 +32,7 @@
  *
  *     @(#)if_ether.c  8.1 (Berkeley) 6/10/93
  * $FreeBSD: src/sys/netinet/if_ether.c,v 1.64.2.23 2003/04/11 07:23:15 fjoe Exp $
- * $DragonFly: src/sys/netinet/if_ether.c,v 1.6 2003/09/15 23:38:14 hsu Exp $
+ * $DragonFly: src/sys/netinet/if_ether.c,v 1.7 2003/09/25 02:22:23 dillon Exp $
  */
 
 /*
@@ -883,12 +883,20 @@ arplookup(addr, create, proxy)
        else if (rt->rt_gateway->sa_family != AF_LINK)
                why = "gateway route is not ours";
 
-       if (why && create) {
-               log(LOG_DEBUG, "arplookup %s failed: %s\n",
-                   inet_ntoa(sin.sin_addr), why);
-               return 0;
-       } else if (why) {
-               return 0;
+       if (why) {
+               if (create) {
+                       log(LOG_DEBUG, "arplookup %s failed: %s\n",
+                           inet_ntoa(sin.sin_addr), why);
+               }
+
+               /* if there are no references to this route, purge it */
+               if (rt->rt_refcnt <= 0 &&
+                   (rt->rt_flags & RTF_WASCLONED) == RTF_WASCLONED) {
+                           rtrequest(RTM_DELETE,
+                               (struct sockaddr *)rt_key(rt), rt->rt_gateway,
+                               rt_mask(rt), rt->rt_flags, 0);
+               }
+               return (0);
        }
        return ((struct llinfo_arp *)rt->rt_llinfo);
 }