artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 20110d4) | patch
Validate IPv4 packet options in divert output.
authorbluhm <bluhm@openbsd.org>
Tue, 5 Mar 2024 09:45:13 +0000 (09:45 +0000)
committerbluhm <bluhm@openbsd.org>
Tue, 5 Mar 2024 09:45:13 +0000 (09:45 +0000)
commitc8a0ef6cb9913b93aa3144737437f48b578e9aa0
tree8c3784a54c0a23e4840b48513bd9130cc9217f44tree | snapshot
parent20110d46fc7fb1ec548b2feceab469c370307257commit | diff
Validate IPv4 packet options in divert output.

When sending raw packets over divert socket, IP options were not
validated.  Fragment code tries to copy them and crashes.  Raw IP
output has a similar feature, but uses rip_chkhdr() to prevent
invalid packets from userland.  Call this funtion also from
divert_output() for strict user input validation.

Reported-by: syzbot+b1ba3a2a8ef13e5b4698@syzkaller.appspotmail.com
OK dlg@ deraadt@ mvs@
sys/netinet/ip_divert.c diff | blob | history
sys/netinet/ip_var.h diff | blob | history
sys/netinet/raw_ip.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim