If IP_MULTICAST_IF or IP_ADD_MEMBERSHIP pass a interface index to the

kernel make sure that the rdomain of that interface is the same as
the rdomain of the inpcb.
Problem spotted and fix tested by semarie@
OK bluhm@ mvs@

diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index aff08ba..cd84b3a 100644 (file)
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ip_output.c,v 1.362 2021/02/01 13:25:04 bluhm Exp $   */
+/*     $OpenBSD: ip_output.c,v 1.363 2021/02/02 17:47:42 claudio Exp $ */
 /*     $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $  */
 
 /*
@@ -1447,8 +1447,10 @@ ip_setmoptions(int optname, struct ip_moptions **imop, struct mbuf *m,
                         */
                        if (mreqn.imr_ifindex != 0) {
                                ifp = if_get(mreqn.imr_ifindex);
-                               if (ifp == NULL) {
+                               if (ifp == NULL ||
+                                   ifp->if_rdomain != rtable_l2(rtableid)) {
                                        error = EADDRNOTAVAIL;
+                                       if_put(ifp);
                                        break;
                                }
                                imo->imo_ifidx = ifp->if_index;
@@ -1537,7 +1539,8 @@ ip_setmoptions(int optname, struct ip_moptions **imop, struct mbuf *m,
                 * supports multicast.
                 */
                ifp = if_get(ifidx);
-               if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
+               if (ifp == NULL || ifp->if_rdomain != rtable_l2(rtableid) ||
+                   (ifp->if_flags & IFF_MULTICAST) == 0) {
                        error = EADDRNOTAVAIL;
                        if_put(ifp);
                        break;