mirror of
https://git.FreeBSD.org/src.git
synced 2024-12-24 11:29:10 +00:00
Fix a bug in arplookup(), whereby a hostile party on a locally
attached network could exhaust kernel memory, and cause a system panic, by sending a flood of spoofed ARP requests. Approved by: jake (mentor) Reported by: Apple Product Security <product-security@apple.com>
This commit is contained in:
parent
b15572e3fc
commit
fedf1d01a2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=120383
6
UPDATING
6
UPDATING
@ -17,6 +17,12 @@ NOTE TO PEOPLE WHO THINK THAT 5.0-CURRENT IS SLOW:
|
||||
developers choose to disable these features on build machines
|
||||
to maximize performance.
|
||||
|
||||
20030923:
|
||||
Fix a bug in arplookup(), whereby a hostile party on a locally
|
||||
attached network could exhaust kernel memory, and cause a system
|
||||
panic, by sending a flood of spoofed ARP requests. See
|
||||
FreeBSD-SA-03:14.arp.
|
||||
|
||||
20030915:
|
||||
A change to /etc/defaults/rc.conf now causes inetd to be started
|
||||
with `-C 60' if it is not overridden in /etc/rc.conf. This
|
||||
|
@ -918,12 +918,20 @@ arplookup(addr, create, proxy)
|
||||
else if (rt->rt_gateway->sa_family != AF_LINK)
|
||||
why = "gateway route is not ours";
|
||||
|
||||
if (why && create) {
|
||||
log(LOG_DEBUG, "arplookup %s failed: %s\n",
|
||||
inet_ntoa(sin.sin_addr), why);
|
||||
return 0;
|
||||
} else if (why) {
|
||||
return 0;
|
||||
if (why) {
|
||||
if (create)
|
||||
log(LOG_DEBUG, "arplookup %s failed: %s\n",
|
||||
inet_ntoa(sin.sin_addr), why);
|
||||
|
||||
/* If there are no references to this route, purge it */
|
||||
if (rt->rt_refcnt <= 0 &&
|
||||
(rt->rt_flags & RTF_WASCLONED) != RTF_WASCLONED) {
|
||||
rtrequest(RTM_DELETE,
|
||||
(struct sockaddr *)rt_key(rt),
|
||||
rt->rt_gateway, rt_mask(rt),
|
||||
rt->rt_flags, 0);
|
||||
}
|
||||
return (0);
|
||||
}
|
||||
return ((struct llinfo_arp *)rt->rt_llinfo);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user