From b3664a14cc136cb56e974c893ac6ef591d84f866 Mon Sep 17 00:00:00 2001 From: Qing Li Date: Tue, 25 Oct 2011 04:06:29 +0000 Subject: [PATCH] Exclude host routes when checking for prefix coverage on multiple interfaces. A host route has a NULL mask so check for that condition. I have also been told by developers who customize the packet output path with direct manipulation of the route entry (or the outgoing interface to be specific). This patch checks for the route mask explicitly to make sure custom code will not panic. PR: kern/161805 MFC after: 3 days --- sys/netinet/in.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index bba364d7d0c..c91df4a2744 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -1429,12 +1429,21 @@ in_lltable_rtcheck(struct ifnet *ifp, u_int flags, const struct sockaddr *l3addr * on one interface and the corresponding outgoing packet leaves * another interface. */ - if (rt->rt_ifp != ifp) { + if (!(rt->rt_flags & RTF_HOST) && rt->rt_ifp != ifp) { const char *sa, *mask, *addr, *lim; int len; - sa = (const char *)rt_key(rt); mask = (const char *)rt_mask(rt); + /* + * Just being extra cautious to avoid some custom + * code getting into trouble. + */ + if (mask == NULL) { + RTFREE_LOCKED(rt); + return (EINVAL); + } + + sa = (const char *)rt_key(rt); addr = (const char *)l3addr; len = ((const struct sockaddr_in *)l3addr)->sin_len; lim = addr + len;