Date: Thu, 25 Apr 2013 11:33:33 -0700 From: Adrian Chadd <adrian@freebsd.org> To: Gleb Smirnoff <glebius@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r249903 - head/sys/netinet Message-ID: <CAJ-VmondsDLe0Sa=9=B4dJ498_ORi8x%2B=%2BHRQwtzWeQ9mwYuhA@mail.gmail.com> In-Reply-To: <201304251738.r3PHc4aM060344@svn.freebsd.org> References: <201304251738.r3PHc4aM060344@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
.. is it possible to trigger a remote DoS through mbuf exhaustion somehow by exploiting this? Adrian On 25 April 2013 10:38, Gleb Smirnoff <glebius@freebsd.org> wrote: > Author: glebius > Date: Thu Apr 25 17:38:04 2013 > New Revision: 249903 > URL: http://svnweb.freebsd.org/changeset/base/249903 > > Log: > Fix couple of mbuf leaks in incoming ARP processing. > > Modified: > head/sys/netinet/if_ether.c > > Modified: head/sys/netinet/if_ether.c > ============================================================================== > --- head/sys/netinet/if_ether.c Thu Apr 25 17:27:13 2013 (r249902) > +++ head/sys/netinet/if_ether.c Thu Apr 25 17:38:04 2013 (r249903) > @@ -558,13 +558,13 @@ in_arpinput(struct mbuf *m) > if (ah->ar_pln != sizeof(struct in_addr)) { > log(LOG_NOTICE, "in_arp: requested protocol length != %zu\n", > sizeof(struct in_addr)); > - return; > + goto drop; > } > > if (allow_multicast == 0 && ETHER_IS_MULTICAST(ar_sha(ah))) { > log(LOG_NOTICE, "arp: %*D is multicast\n", > ifp->if_addrlen, (u_char *)ar_sha(ah), ":"); > - return; > + goto drop; > } > > op = ntohs(ah->ar_op);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-VmondsDLe0Sa=9=B4dJ498_ORi8x%2B=%2BHRQwtzWeQ9mwYuhA>