From 9babcab8fc8b1a330e075c8e2ed1d3db572ff883 Mon Sep 17 00:00:00 2001
From: Jeffrey Hsu
Date: Thu, 1 Apr 2004 23:04:50 +0000
Subject: [PATCH] Consolidate length checks in ip_demux().
---
 sys/netinet/ip_demux.c | 10 +++++++++-
 sys/netinet/ip_input.c | 16 ++++------------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/sys/netinet/ip_demux.c b/sys/netinet/ip_demux.c
index 766da82210..f466cca5a1 100644
--- a/sys/netinet/ip_demux.c
+++ b/sys/netinet/ip_demux.c
@@ -2,7 +2,7 @@
 * Copyright (c) 2003 Jeffrey Hsu
 * All rights reserved.
 *
- * $DragonFly: src/sys/netinet/ip_demux.c,v 1.11 2004/04/01 01:38:53 hsu Exp $
+ * $DragonFly: src/sys/netinet/ip_demux.c,v 1.12 2004/04/01 23:04:50 hsu Exp $
 */
 #include "opt_inet.h"
@@ -85,6 +85,10 @@ ip_mport(struct mbuf *m)
 return (&netisr_cpu[0].td_msgport);
 iphlen = ip->ip_hl << 2;
+ if (iphlen < sizeof(struct ip)) { /* minimum header length */
+ ipstat.ips_badhlen++;
+ return (NULL);
+ }
 switch (ip->ip_p) {
 case IPPROTO_TCP:
@@ -134,6 +138,10 @@ ip_mport(struct mbuf *m)
 port = &udp_thread[cpu].td_msgport;
 break;
 default:
+ if (m->m_len < iphlen && (m = m_pullup(m, iphlen)) == NULL) {
+ ipstat.ips_badhlen++;
+ return (NULL);
+ }
 port = &netisr_cpu[0].td_msgport;
 break;
 }
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index c481c495c8..5d3f27bf85 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -32,7 +32,7 @@
 *
 * @(#)ip_input.c 8.2 (Berkeley) 1/4/94
 * $FreeBSD: src/sys/netinet/ip_input.c,v 1.130.2.52 2003/03/07 07:01:28 silby Exp $
- * $DragonFly: src/sys/netinet/ip_input.c,v 1.13 2004/03/22 06:38:17 hsu Exp $
+ * $DragonFly: src/sys/netinet/ip_input.c,v 1.14 2004/04/01 23:04:50 hsu Exp $
 */
 #define _IP_VHL
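Review bot: The new `return (NULL)` for `iphlen < sizeof(struct ip)` in the `@@ -85` hunk of ip_demux.c leaves the mbuf alive, while the NULL return added in the `default:` case follows a failed `m_pullup()`, which has already freed the chain. The caller receives the same NULL for both and cannot tell whether it still owns `m`; how the dispatcher handles NULL is not visible in this diff, but the pullup path only works if it treats the packet as consumed, in which case every packet with a short header length leaks an mbuf. I would add `m_freem(m);` before the `return (NULL);` in the short-header branch and state the contract above ip_mport(), e.g. `/* Returns NULL if the packet was rejected; the mbuf has been freed. */`. ip_mport() starts and ends outside the hunk.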
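Review bot: In the `default:` case of the `@@ -134` hunk, `m = m_pullup(m, iphlen)` only updates ip_mport()'s by-value parameter (the hunk header shows `ip_mport(struct mbuf *m)`), so the caller never sees the result. m_pullup() may hand back a different head mbuf than the one passed in, and in that case the pointer the caller goes on to use is stale. Unless the caller re-derives the mbuf some other way (not visible here), the pullup result needs to travel back, for example by taking `struct mbuf **mp` and storing `*mp = m;` after a successful pullup. The switch begins outside this hunk, so the TCP and UDP cases may need the same treatment.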
@@ -376,17 +376,9 @@ ip_input(struct netmsg *msg)
 }
 hlen = IP_VHL_HL(ip->ip_vhl) << 2;
- if (hlen < sizeof(struct ip)) { /* minimum header length */
- ipstat.ips_badhlen++;
- goto bad;
- }
- if (hlen > m->m_len) {
- if ((m = m_pullup(m, hlen)) == 0) {
- ipstat.ips_badhlen++;
- return;
- }
- ip = mtod(m, struct ip *);
- }
+ /* length checks already done in ip_demux() */
+ KASSERT(hlen >= sizeof(struct ip), ("IP header len too small"));
+ KASSERT(m->m_len >= hlen, ("packet shorter than IP header length"));
 /* 127/8 must not appear on wire - RFC1122 */
 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
-- 
2.41.0
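Review bot: Replacing the two runtime checks with `KASSERT`s means a kernel built without assertions (INVARIANTS, if this tree follows the usual BSD convention) no longer validates the wire-supplied `hlen` in ip_input() at all, so safety rests on every packet having passed the new checks in ip_mport(). The ip_demux.c context shows an early `return (&netisr_cpu[0].td_msgport);` immediately before the `iphlen` check, and the pullup to `iphlen` is only visible in the `default:` case, so it is not evident from this diff that all paths are covered. If one is not, a header length below `sizeof(struct ip)` or above `m->m_len` reaches the code that follows unchecked. I would keep a cheap runtime guard here, `if (hlen < sizeof(struct ip) || hlen > m->m_len) { ipstat.ips_badhlen++; goto bad; }`, or move the ip_mport() checks ahead of every early return and say so in the comment. ip_input() continues outside the hunk.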