projects / unix-history / blobdiff
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
correct bounds check; don't fall off IP header if optlen is bogus
[unix-history] / usr / src / sys / netinet / ip_input.c
diff --git a/usr/src/sys/netinet/ip_input.c b/usr/src/sys/netinet/ip_input.c
index 2b16b68..1867ef3 100644 (file)
--- a/usr/src/sys/netinet/ip_input.c
+++ b/usr/src/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/*     ip_input.c      6.6     84/11/14        */
+/*     ip_input.c      6.8     84/12/20        */
 
 #include "param.h"
 #include "systm.h"
 
 #include "param.h"
 #include "systm.h"
@@ -40,7 +40,7 @@ ip_init()
        for (i = 0; i < IPPROTO_MAX; i++)
                ip_protox[i] = pr - inetsw;
        for (pr = inetdomain.dom_protosw;
        for (i = 0; i < IPPROTO_MAX; i++)
                ip_protox[i] = pr - inetsw;
        for (pr = inetdomain.dom_protosw;
-           pr <= inetdomain.dom_protoswNPROTOSW; pr++)
+           pr < inetdomain.dom_protoswNPROTOSW; pr++)
                if (pr->pr_domain->dom_family == PF_INET &&
                    pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
                        ip_protox[pr->pr_protocol] = pr - inetsw;
                if (pr->pr_domain->dom_family == PF_INET &&
                    pr->pr_protocol && pr->pr_protocol != IPPROTO_RAW)
                        ip_protox[pr->pr_protocol] = pr - inetsw;
@@ -159,20 +159,6 @@ next:
                    sin->sin_addr.s_addr == ip->ip_dst.s_addr)
                        goto ours;
        }
                    sin->sin_addr.s_addr == ip->ip_dst.s_addr)
                        goto ours;
        }
-/* BEGIN GROT */
-#include "nd.h"
-#if NND > 0
-       /*
-        * Diskless machines don't initially know
-        * their address, so take packets from them
-        * if we're acting as a network disk server.
-        */
-       if (in_netof(ip->ip_dst) == INADDR_ANY &&
-           (in_netof(ip->ip_src) == INADDR_ANY &&
-            in_lnaof(ip->ip_src) != INADDR_ANY))
-               goto ours;
-#endif
-/* END GROT */
        ipaddr.sin_addr = ip->ip_dst;
        if (if_ifwithaddr((struct sockaddr *)&ipaddr) == 0) {
                ip_forward(ip);
        ipaddr.sin_addr = ip->ip_dst;
        if (if_ifwithaddr((struct sockaddr *)&ipaddr) == 0) {
                ip_forward(ip);
@@ -465,8 +451,8 @@ ip_dooptions(ip)
                        optlen = 1;
                else {
                        optlen = cp[1];
                        optlen = 1;
                else {
                        optlen = cp[1];
-                       if (optlen <= 0)
-                               break;
+                       if (optlen <= 0 || optlen >= cnt)
+                               goto bad;
                }
                switch (opt) {
 
                }
                switch (opt) {
 
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.