1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00

Fixed remotely exploitable DoS in arpresolve().

Easily exploitable by flood pinging the target
host over an interface with the IFF_NOARP flag
set (all you need to know is the target host's
MAC address).

MFC after:	0 days
This commit is contained in:
Ruslan Ermilov 2001-12-05 18:13:34 +00:00
parent 959f4950f5
commit 47891de1a5
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=87410

View File

@ -436,8 +436,10 @@ arpresolve(ifp, rt, m, dst, desten, rt0)
* Probably should not allocate empty llinfo struct if we are
* not going to be sending out an arp request.
*/
if (ifp->if_flags & IFF_NOARP)
if (ifp->if_flags & IFF_NOARP) {
m_freem(m);
return (0);
}
/*
* There is an arptab entry, but no ethernet address
* response yet. Replace the held mbuf with this