diff options
| author | Michael Tuexen <tuexen@FreeBSD.org> | 2023-10-07 13:56:00 +0000 |
|---|---|---|
| committer | Michael Tuexen <tuexen@FreeBSD.org> | 2023-10-07 13:56:00 +0000 |
| commit | abca3ae7734f664ee9c5edc7a9d3a17e29180bdb (patch) | |
| tree | fa6f6d12a68abb043b0253cc49f809dd7b1ebcc4 /sys/netinet/udp_usrreq.c | |
| parent | f7a2eeaa75dc95f2958d2db2170744f44e14b7ea (diff) | |
udp: fix sending of IPv4-mapped addresses
The inp_vflags field must be adjusted during the call of
in_pcbbind_setup(). This is consistent with the other places in the
code, but not elegant at all.
PR: 274009
Reported by: syzbot+81ccc423a2737ed031ac@syzkaller.appspotmail.com
Reported by: syzbot+c8e3dac881bba85bc029@syzkaller.appspotmail.com
Reviewed by: markj, rrs, rscheff
MFC after: 3 days
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D42031
Diffstat (limited to 'sys/netinet/udp_usrreq.c')
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 70d738bf2108..cbda7f536262 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -1050,7 +1050,7 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, int cscov_partial = 0; int ipflags = 0; u_short fport, lport; - u_char tos; + u_char tos, vflagsav; uint8_t pr; uint16_t cscov = 0; uint32_t flowid = 0; @@ -1092,7 +1092,8 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, * pcb hash. */ if (sin == NULL || - (inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0)) + (inp->inp_laddr.s_addr == INADDR_ANY && inp->inp_lport == 0) || + (flags & PRUS_IPV6) != 0) INP_WLOCK(inp); else INP_RLOCK(inp); @@ -1203,10 +1204,17 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, error = EINVAL; goto release; } + if ((flags & PRUS_IPV6) != 0) { + vflagsav = inp->inp_vflag; + inp->inp_vflag |= INP_IPV4; + inp->inp_vflag &= ~INP_IPV6; + } INP_HASH_WLOCK(pcbinfo); error = in_pcbbind_setup(inp, &src, &laddr.s_addr, &lport, td->td_ucred); INP_HASH_WUNLOCK(pcbinfo); + if ((flags & PRUS_IPV6) != 0) + inp->inp_vflag = vflagsav; if (error) goto release; } @@ -1249,9 +1257,16 @@ udp_send(struct socket *so, int flags, struct mbuf *m, struct sockaddr *addr, inp->inp_lport == 0 || sin->sin_addr.s_addr == INADDR_ANY || sin->sin_addr.s_addr == INADDR_BROADCAST) { + if ((flags & PRUS_IPV6) != 0) { + vflagsav = inp->inp_vflag; + inp->inp_vflag |= INP_IPV4; + inp->inp_vflag &= ~INP_IPV6; + } INP_HASH_WLOCK(pcbinfo); error = in_pcbconnect_setup(inp, sin, &laddr.s_addr, &lport, &faddr.s_addr, &fport, td->td_ucred); + if ((flags & PRUS_IPV6) != 0) + inp->inp_vflag = vflagsav; if (error) { INP_HASH_WUNLOCK(pcbinfo); goto release; |