From 47891de1a5ff5c1483294d344e019c3ddc6ccba2 Mon Sep 17 00:00:00 2001 From: Ruslan Ermilov Date: Wed, 5 Dec 2001 18:13:34 +0000 Subject: [PATCH] Fixed remotely exploitable DoS in arpresolve(). Easily exploitable by flood pinging the target host over an interface with the IFF_NOARP flag set (all you need to know is the target host's MAC address). MFC after: 0 days --- sys/netinet/if_ether.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index b4f5f08c921..e79fb3d4d05 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -436,8 +436,10 @@ arpresolve(ifp, rt, m, dst, desten, rt0) * Probably should not allocate empty llinfo struct if we are * not going to be sending out an arp request. */ - if (ifp->if_flags & IFF_NOARP) + if (ifp->if_flags & IFF_NOARP) { + m_freem(m); return (0); + } /* * There is an arptab entry, but no ethernet address * response yet. Replace the held mbuf with this
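Review bot: the new m_freem(m) in the IFF_NOARP branch of arpresolve() carries no comment saying why this return path has to release the mbuf, while the path right below it ("Replace the held mbuf with this") keeps the mbuf instead. As the fix implies, a return of 0 leaves the packet with arpresolve(), so each such path must either hold m or free it; a one-line comment next to the m_freem(m) call stating that rule would keep the next early return from reintroducing the leak. It would also help to confirm in this change that the remaining return (0) paths in the function follow the same rule. Separately, the existing comment above the check already notes that an empty llinfo struct probably should not be allocated when no ARP request will be sent, so consider testing IFF_NOARP before that allocation rather than after it.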