xnu-792.25.20.tar.gz

[apple/xnu.git] / bsd / netinet / ip_icmp.c

diff --git a/bsd/netinet/ip_icmp.c b/bsd/netinet/ip_icmp.c
index d6fbacb09c2ef8a955ddeb03f08bd13b408afe7c..030ef068084a7a4863a490ea090f390a60a13e2c 100644 (file)
--- a/bsd/netinet/ip_icmp.c
+++ b/bsd/netinet/ip_icmp.c
@@ -89,6 +89,13 @@
 #if defined(NFAITH) && NFAITH > 0
 #include "faith.h"
 #include <net/if_types.h>
+#endif
+
+ /* XXX This one should go in sys/mbuf.h. It is used to avoid that
+ * a firewall-generated packet loops forever through the firewall.
+ */
+#ifndef M_SKIP_FIREWALL
+#define M_SKIP_FIREWALL         0x4000
 #endif
 
 /*
@@ -200,6 +207,12 @@ icmp_error(
        m = m_gethdr(M_DONTWAIT, MT_HEADER);
        if (m == NULL)
                goto freeit;
+
+       if (n->m_flags & M_SKIP_FIREWALL) {
+               /* set M_SKIP_FIREWALL to skip firewall check, since we're called from firewall */
+               m->m_flags |= M_SKIP_FIREWALL;
+       }
+
        icmplen = min(oiplen + 8, oip->ip_len);
        if (icmplen < sizeof(struct ip)) {
                printf("icmp_error: bad length\n");
@@ -688,6 +701,11 @@ icmp_reflect(m)
         */
        if (ia == (struct in_ifaddr *)0) {
                ia = in_ifaddrhead.tqh_first;
+               if (ia == (struct in_ifaddr *)0) {/* no address yet, bail out */
+                       m_freem(m);
+                       lck_mtx_unlock(rt_mtx);
+                       goto done;
+               }
                ifaref(&ia->ia_ifa);
        }
        lck_mtx_unlock(rt_mtx);