Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/ip_input.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.107 retrieving revision 1.117 diff -u -p -r1.107 -r1.117 --- src/sys/netinet/ip_input.c 2000/03/10 22:39:03 1.107 +++ src/sys/netinet/ip_input.c 2000/08/25 13:35:05 1.117 @@ -1,4 +1,4 @@ -/* $NetBSD: ip_input.c,v 1.107 2000/03/10 22:39:03 thorpej Exp $ */ +/* $NetBSD: ip_input.c,v 1.117 2000/08/25 13:35:05 tron Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -120,7 +120,8 @@ #include #include -#include +#include + #include #include @@ -139,10 +140,13 @@ #include #include "gif.h" +#ifdef MROUTING +#include +#endif + #ifdef IPSEC #include #include -#include #endif #ifndef IPFORWARDING @@ -200,7 +204,6 @@ struct in_ifaddrhashhead *in_ifaddrhasht struct ifqueue ipintrq; struct ipstat ipstat; u_int16_t ip_id; -int ip_defttl; struct ipqhead ipq; int ipq_locked; @@ -281,8 +284,8 @@ static void save_rte __P((u_char *, stru void ip_init() { - register struct protosw *pr; - register int i; + struct protosw *pr; + int i; pool_init(&ipqent_pool, sizeof(struct ipqent), 0, 0, 0, "ipqepl", 0, NULL, NULL, M_IPQ); @@ -340,10 +343,10 @@ ipintr() void ip_input(struct mbuf *m) { - register struct ip *ip = NULL; - register struct ipq *fp; - register struct in_ifaddr *ia; - register struct ifaddr *ifa; + struct ip *ip = NULL; + struct ipq *fp; + struct in_ifaddr *ia; + struct ifaddr *ifa; struct ipqent *ipqe; int hlen = 0, mff, len; int downmatch; @@ -709,11 +712,11 @@ bad: */ struct mbuf * ip_reass(ipqe, fp) - register struct ipqent *ipqe; - register struct ipq *fp; + struct ipqent *ipqe; + struct ipq *fp; { - register struct mbuf *m = ipqe->ipqe_m; - register struct ipqent *nq, *p, *q; + struct mbuf *m = ipqe->ipqe_m; + struct ipqent *nq, *p, *q; struct ip *ip; struct mbuf *t; int hlen = ipqe->ipqe_ip->ip_hl << 2; @@ -851,7 +854,7 @@ insert: m->m_data -= (ip->ip_hl << 2); /* some debugging cruft by sklower, below, will go away soon */ if (m->m_flags & M_PKTHDR) { /* XXX this should be done elsewhere */ - register int plen = 0; + int plen = 0; for (t = m; t; t = t->m_next) plen += t->m_len; m->m_pkthdr.len = plen; @@ -873,7 +876,7 @@ void ip_freef(fp) struct ipq *fp; { - register struct ipqent *q, *p; + struct ipqent *q, *p; IPQ_LOCK_CHECK(); @@ -895,7 +898,7 @@ ip_freef(fp) void ip_slowtimo() { - register struct ipq *fp, *nfp; + struct ipq *fp, *nfp; int s = splsoftnet(); IPQ_LOCK(); @@ -946,10 +949,10 @@ int ip_dooptions(m) struct mbuf *m; { - register struct ip *ip = mtod(m, struct ip *); - register u_char *cp, *cp0; - register struct ip_timestamp *ipt; - register struct in_ifaddr *ia; + struct ip *ip = mtod(m, struct ip *); + u_char *cp, *cp0; + struct ip_timestamp *ipt; + struct in_ifaddr *ia; int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0; struct in_addr dst; n_time ntime; @@ -964,8 +967,12 @@ ip_dooptions(m) if (opt == IPOPT_NOP) optlen = 1; else { + if (cnt < IPOPT_OLEN + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } optlen = cp[IPOPT_OLEN]; - if (optlen <= 0 || optlen > cnt) { + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { code = &cp[IPOPT_OLEN] - (u_char *)ip; goto bad; } @@ -991,6 +998,10 @@ ip_dooptions(m) code = ICMP_UNREACH_NET_PROHIB; goto bad; } + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { code = &cp[IPOPT_OFFSET] - (u_char *)ip; goto bad; @@ -1010,7 +1021,7 @@ ip_dooptions(m) break; } off--; /* 0 origin */ - if (off > optlen - sizeof(struct in_addr)) { + if ((off + sizeof(struct in_addr)) > optlen) { /* * End of source route. Should be for us. */ @@ -1042,6 +1053,10 @@ ip_dooptions(m) break; case IPOPT_RR: + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { code = &cp[IPOPT_OFFSET] - (u_char *)ip; goto bad; @@ -1050,7 +1065,7 @@ ip_dooptions(m) * If no space remains, ignore. */ off--; /* 0 origin */ - if (off > optlen - sizeof(struct in_addr)) + if ((off + sizeof(struct in_addr)) > optlen) break; bcopy((caddr_t)(&ip->ip_dst), (caddr_t)&ipaddr.sin_addr, sizeof(ipaddr.sin_addr)); @@ -1073,11 +1088,20 @@ ip_dooptions(m) case IPOPT_TS: code = cp - (u_char *)ip; ipt = (struct ip_timestamp *)cp; - if (ipt->ipt_len < 5) + if (ipt->ipt_len < 4 || ipt->ipt_len > 40) { + code = (u_char *)&ipt->ipt_len - (u_char *)ip; goto bad; + } + if (ipt->ipt_ptr < 5) { + code = (u_char *)&ipt->ipt_ptr - (u_char *)ip; + goto bad; + } if (ipt->ipt_ptr > ipt->ipt_len - sizeof (int32_t)) { - if (++ipt->ipt_oflw == 0) + if (++ipt->ipt_oflw == 0) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } break; } cp0 = (cp + ipt->ipt_ptr - 1); @@ -1088,8 +1112,11 @@ ip_dooptions(m) case IPOPT_TS_TSANDADDR: if (ipt->ipt_ptr - 1 + sizeof(n_time) + - sizeof(struct in_addr) > ipt->ipt_len) + sizeof(struct in_addr) > ipt->ipt_len) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } ipaddr.sin_addr = dst; ia = ifatoia(ifaof_ifpforaddr(sintosa(&ipaddr), m->m_pkthdr.rcvif)); @@ -1102,8 +1129,11 @@ ip_dooptions(m) case IPOPT_TS_PRESPEC: if (ipt->ipt_ptr - 1 + sizeof(n_time) + - sizeof(struct in_addr) > ipt->ipt_len) + sizeof(struct in_addr) > ipt->ipt_len) { + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip; goto bad; + } bcopy(cp0, &ipaddr.sin_addr, sizeof(struct in_addr)); if (ifatoia(ifa_ifwithaddr(sintosa(&ipaddr))) @@ -1113,6 +1143,9 @@ ip_dooptions(m) break; default: + /* XXX can't take &ipt->ipt_flg */ + code = (u_char *)&ipt->ipt_ptr - + (u_char *)ip + 1; goto bad; } ntime = iptime(); @@ -1146,7 +1179,7 @@ struct in_ifaddr * ip_rtaddr(dst) struct in_addr dst; { - register struct sockaddr_in *sin; + struct sockaddr_in *sin; sin = satosin(&ipforward_rt.ro_dst); @@ -1197,8 +1230,8 @@ save_rte(option, dst) struct mbuf * ip_srcroute() { - register struct in_addr *p, *q; - register struct mbuf *m; + struct in_addr *p, *q; + struct mbuf *m; if (ip_nhops == 0) return ((struct mbuf *)0); @@ -1267,12 +1300,12 @@ ip_srcroute() */ void ip_stripoptions(m, mopt) - register struct mbuf *m; + struct mbuf *m; struct mbuf *mopt; { - register int i; + int i; struct ip *ip = mtod(m, struct ip *); - register caddr_t opts; + caddr_t opts; int olen; olen = (ip->ip_hl << 2) - sizeof (struct ip); @@ -1314,9 +1347,9 @@ ip_forward(m, srcrt) struct mbuf *m; int srcrt; { - register struct ip *ip = mtod(m, struct ip *); - register struct sockaddr_in *sin; - register struct rtentry *rt; + struct ip *ip = mtod(m, struct ip *); + struct sockaddr_in *sin; + struct rtentry *rt; int error, type = 0, code = 0; struct mbuf *mcopy; n_long dest; @@ -1514,10 +1547,10 @@ ip_forward(m, srcrt) void ip_savecontrol(inp, mp, ip, m) - register struct inpcb *inp; - register struct mbuf **mp; - register struct ip *ip; - register struct mbuf *m; + struct inpcb *inp; + struct mbuf **mp; + struct ip *ip; + struct mbuf *m; { if (inp->inp_socket->so_options & SO_TIMESTAMP) { @@ -1682,6 +1715,31 @@ ip_sysctl(name, namelen, oldp, oldlenp, &ip_gif_ttl)); #endif +#ifndef IPNOPRIVPORTS + case IPCTL_LOWPORTMIN: + old = lowportmin; + error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmin); + if (lowportmin >= lowportmax + || lowportmin > IPPORT_RESERVEDMAX + || lowportmin < IPPORT_RESERVEDMIN + ) { + lowportmin = old; + return (EINVAL); + } + return (error); + case IPCTL_LOWPORTMAX: + old = lowportmax; + error = sysctl_int(oldp, oldlenp, newp, newlen, &lowportmax); + if (lowportmin >= lowportmax + || lowportmax > IPPORT_RESERVEDMAX + || lowportmax < IPPORT_RESERVEDMIN + ) { + lowportmax = old; + return (EINVAL); + } + return (error); +#endif + default: return (EOPNOTSUPP); }