Fixed remotely exploitable DoS in arpresolve().

Easily exploitable by flood pinging the target host over an interface with the IFF_NOARP flag set (all you need to know is the target host's MAC address). MFC after: 0 days
2026-06-09 00:32:25 -04:00 · 2001-12-05 18:13:34 +00:00 · 2001-12-05 18:13:34 +00:00 · 47891de1a5
commit 47891de1a5
parent 959f4950f5
1 changed files with 3 additions and 1 deletions
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@ -436,8 +436,10 @@ arpresolve(ifp, rt, m, dst, desten, rt0)
 	 * Probably should not allocate empty llinfo struct if we are
 	 * not going to be sending out an arp request.
 	 */
-	if (ifp->if_flags & IFF_NOARP)
+	if (ifp->if_flags & IFF_NOARP) {
+		m_freem(m);
 		return (0);
+	}
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this