#define IGMP_LOCK() \
lck_mtx_lock(&igmp_mtx)
#define IGMP_LOCK_ASSERT_HELD() \
- lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_OWNED)
+ LCK_MTX_ASSERT(&igmp_mtx, LCK_MTX_ASSERT_OWNED)
#define IGMP_LOCK_ASSERT_NOTHELD() \
- lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_NOTOWNED)
+ LCK_MTX_ASSERT(&igmp_mtx, LCK_MTX_ASSERT_NOTOWNED)
#define IGMP_UNLOCK() \
lck_mtx_unlock(&igmp_mtx)
MGET(m, M_WAITOK, MT_DATA);
p = mtod(m, struct ipoption *);
p->ipopt_dst.s_addr = INADDR_ANY;
- p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */
+ p->ipopt_list[0] = (char)IPOPT_RA; /* Router Alert Option */
p->ipopt_list[1] = 0x04; /* 4 bytes long */
p->ipopt_list[2] = IPOPT_EOL; /* End of IP option list */
p->ipopt_list[3] = 0x00; /* pad byte */
* Validate length based on source count.
*/
nsrc = ntohs(igmpv3->igmp_numsrc);
+ /*
+ * The max vaue of nsrc is limited by the
+ * MTU of the network on which the datagram
+ * is received
+ */
+ if (nsrc < 0 || nsrc > IGMP_V3_QUERY_MAX_SRCS) {
+ IGMPSTAT_INC(igps_rcv_tooshort);
+ OIGMPSTAT_INC(igps_rcv_tooshort);
+ m_freem(m);
+ return;
+ }
srclen = sizeof(struct in_addr) * nsrc;
if (igmplen < (IGMP_V3_QUERY_MINLEN + srclen)) {
IGMPSTAT_INC(igps_rcv_tooshort);
projects / apple / xnu.git / blobdiff