Fix a bug in arplookup(), whereby a hostile party on a locally
attached network could exhaust kernel memory, and cause a system panic, by sending a flood of spoofed ARP requests. Approved by: jake (mentor) Reported by: Apple Product Security <product-security@apple.com>
parent
b15572e3fc
commit
fedf1d01a2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=120383
6
UPDATING
6
UPDATING
@ -17,6 +17,12 @@ NOTE TO PEOPLE WHO THINK THAT 5.0-CURRENT IS SLOW:
|
|||||||
developers choose to disable these features on build machines
|
developers choose to disable these features on build machines
|
||||||
to maximize performance.
|
to maximize performance.
|
||||||
|
|
||||||
|
20030923:
|
||||||
|
Fix a bug in arplookup(), whereby a hostile party on a locally
|
||||||
|
attached network could exhaust kernel memory, and cause a system
|
||||||
|
panic, by sending a flood of spoofed ARP requests. See
|
||||||
|
FreeBSD-SA-03:14.arp.
|
||||||
|
|
||||||
20030915:
|
20030915:
|
||||||
A change to /etc/defaults/rc.conf now causes inetd to be started
|
A change to /etc/defaults/rc.conf now causes inetd to be started
|
||||||
with `-C 60' if it is not overridden in /etc/rc.conf. This
|
with `-C 60' if it is not overridden in /etc/rc.conf. This
|
||||||
|
@ -918,12 +918,20 @@ arplookup(addr, create, proxy)
|
|||||||
else if (rt->rt_gateway->sa_family != AF_LINK)
|
else if (rt->rt_gateway->sa_family != AF_LINK)
|
||||||
why = "gateway route is not ours";
|
why = "gateway route is not ours";
|
||||||
|
|
||||||
if (why && create) {
|
if (why) {
|
||||||
log(LOG_DEBUG, "arplookup %s failed: %s\n",
|
if (create)
|
||||||
inet_ntoa(sin.sin_addr), why);
|
log(LOG_DEBUG, "arplookup %s failed: %s\n",
|
||||||
return 0;
|
inet_ntoa(sin.sin_addr), why);
|
||||||
} else if (why) {
|
|
||||||
return 0;
|
/* If there are no references to this route, purge it */
|
||||||
|
if (rt->rt_refcnt <= 0 &&
|
||||||
|
(rt->rt_flags & RTF_WASCLONED) != RTF_WASCLONED) {
|
||||||
|
rtrequest(RTM_DELETE,
|
||||||
|
(struct sockaddr *)rt_key(rt),
|
||||||
|
rt->rt_gateway, rt_mask(rt),
|
||||||
|
rt->rt_flags, 0);
|
||||||
|
}
|
||||||
|
return (0);
|
||||||
}
|
}
|
||||||
return ((struct llinfo_arp *)rt->rt_llinfo);
|
return ((struct llinfo_arp *)rt->rt_llinfo);
|
||||||
}
|
}
|
||||||
|
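Review bot: The purge condition in the new `if (why)` block looks inverted: `(rt->rt_flags & RTF_WASCLONED) != RTF_WASCLONED` is true only for routes that were not cloned. If the entries this lookup creates are cloned host routes (the allocation call is above the hunk, so this is inferred), the unreferenced entries described in the commit message are still left in the table, while an unreferenced non-cloned route that merely fails the sanity checks gets deleted. I would expect `if (rt->rt_refcnt <= 0 && (rt->rt_flags & RTF_WASCLONED) != 0) {`, with the comment above it changed to say that only cloned entries are purged. The delete also runs when `create` is 0 and the `rtrequest()` result is discarded; both deserve a short comment or a check. The body of arplookup() starts outside the hunk.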