Date: Tue, 25 Jan 2000 16:11:39 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, dillon@apollo.backplane.com (Matthew Dillon) Cc: imp@village.org (Warner Losh), security@FreeBSD.ORG Subject: Re: Merged patches Message-ID: <200001260011.QAA28012@salsa.gv.tsc.tdk.com> In-Reply-To: <200001251934.LAA71614@gndrsh.dnsmgr.net> References: <200001251934.LAA71614@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 25, 11:34am, "Rodney W. Grimes" wrote: } Subject: Re: Merged patches } > I found a bug in the patch: } > } > : #endif } > :- if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) } > :- goto drop; } > :+ if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) || } > :+ IN_MULTICAST(ntohl(ip->ip_src.s_addr)) || } > :+ IN_EXPERIMENTAL(ntohl(ip->ip_src.s_addr))) } } And yet another bugger.... you just made it impossible for anyone } doing work with the EXPERIMENTAL block at 240.0.0.0/8 on FreeBSD } using TCP without hacking the kernel code. Please remove the } last check here. How about changing the last part to to ip->ip_src.s_addr == htonl(INADDR_BROADCAST) which is the subset of IN_EXPERIMENTAL that I was concerned about. Without this, someone will post yet another variant of this attack using a broadcast source address. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001260011.QAA28012>