From 1bfb264a3dc887b9d5e115eab90ad7a4cfccbad9 Mon Sep 17 00:00:00 2001 From: claudio Date: Tue, 2 Feb 2021 17:47:42 +0000 Subject: [PATCH] If IP_MULTICAST_IF or IP_ADD_MEMBERSHIP pass a interface index to the kernel make sure that the rdomain of that interface is the same as the rdomain of the inpcb. Problem spotted and fix tested by semarie@ OK bluhm@ mvs@ --- sys/netinet/ip_output.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index aff08bae028..cd84b3a0833 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.362 2021/02/01 13:25:04 bluhm Exp $ */ +/* $OpenBSD: ip_output.c,v 1.363 2021/02/02 17:47:42 claudio Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -1447,8 +1447,10 @@ ip_setmoptions(int optname, struct ip_moptions **imop, struct mbuf *m, */ if (mreqn.imr_ifindex != 0) { ifp = if_get(mreqn.imr_ifindex); - if (ifp == NULL) { + if (ifp == NULL || + ifp->if_rdomain != rtable_l2(rtableid)) { error = EADDRNOTAVAIL; + if_put(ifp); break; } imo->imo_ifidx = ifp->if_index; @@ -1537,7 +1539,8 @@ ip_setmoptions(int optname, struct ip_moptions **imop, struct mbuf *m, * supports multicast. */ ifp = if_get(ifidx); - if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { + if (ifp == NULL || ifp->if_rdomain != rtable_l2(rtableid) || + (ifp->if_flags & IFF_MULTICAST) == 0) { error = EADDRNOTAVAIL; if_put(ifp); break; -- 2.20.1