system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-11-05 18:22:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add a sanity check for the UDP length field in order to prevent

Browse source 
malformed UDP packets to panic the kernel.
Reviewed by:	davidg, wollman
Obtained from:	dab@berserkly.cray.com (David A. Borman) via end2end list
This commit is contained in:
Andras Olah 1995-08-17 22:09:14 +00:00
parent abcf9b120c
commit 7eb7a449c4
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=10095
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/netinet/udp_usrreq.c
View file

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)udp_usrreq.c 8.4 (Berkeley) 1/21/94
* $Id: udp_usrreq.c,v 1.11 1995/05/09 13:35:48 davidg Exp $
* $Id: udp_usrreq.c,v 1.12 1995/05/30 08:10:02 rgrimes Exp $
*/
#include <sys/param.h>
@ -137,7 +137,7 @@ udp_input(m, iphlen)
*/
len = ntohs((u_short)uh->uh_ulen);
if (ip->ip_len != len) {
if (len > ip->ip_len) {
if (len > ip->ip_len || len < sizeof(struct udphdr)) {
udpstat.udps_badlen++;
goto bad;
}