Retrieve the complete IPv4 header right away, and make sure we did retrieve trunk
authormaxv <maxv@NetBSD.org>
Thu, 22 Mar 2018 09:04:25 +0000
branchtrunk
changeset 317382 7755c5e6f6cb
parent 317381 0f2b2ce10d61
child 317383 bd0b4b7d8a8b
Retrieve the complete IPv4 header right away, and make sure we did retrieve the IPv6 option header we were iterating on.
sys/net/npf/npf_inet.c
--- a/sys/net/npf/npf_inet.c	Thu Mar 22 08:58:56 2018 +0000
+++ b/sys/net/npf/npf_inet.c	Thu Mar 22 09:04:25 2018 +0000
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf_inet.c,v 1.45 2018/03/22 08:57:47 maxv Exp $	*/
+/*	$NetBSD: npf_inet.c,v 1.46 2018/03/22 09:04:25 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2009-2014 The NetBSD Foundation, Inc.
@@ -40,7 +40,7 @@
 
 #ifdef _KERNEL
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.45 2018/03/22 08:57:47 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_inet.c,v 1.46 2018/03/22 09:04:25 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -336,10 +336,15 @@
 			return NPC_FMTERR;
 		}
 
-		/* Check header length and fragment offset. */
+		/* Retrieve the complete header. */
 		if ((u_int)(ip->ip_hl << 2) < sizeof(struct ip)) {
 			return NPC_FMTERR;
 		}
+		ip = nbuf_ensure_contig(nbuf, (u_int)(ip->ip_hl << 2));
+		if (ip == NULL) {
+			return NPC_FMTERR;
+		}
+
 		if (ip->ip_off & ~htons(IP_DF | IP_RF)) {
 			/* Note fragmentation. */
 			flags |= NPC_IPFRAG;
@@ -424,6 +429,10 @@
 			npc->npc_hlen += hlen;
 		}
 
+		if (ip6e == NULL) {
+			return NPC_FMTERR;
+		}
+
 		/*
 		 * Re-fetch the header pointers (nbufs might have been
 		 * reallocated).  Restore the original offset (if any).