]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet/igmp.c
xnu-4570.51.1.tar.gz
[apple/xnu.git] / bsd / netinet / igmp.c
index 572a083ec211a0a928b058fa094bf3111f7a054f..b96b869fa9a7908ccb690e965ba8ae2230857fa7 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2013 Apple Inc. All rights reserved.
+ * Copyright (c) 2000-2016 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -190,9 +190,9 @@ static int current_state_timers_running;    /* IGMPv1/v2 host
 #define        IGMP_LOCK()                     \
        lck_mtx_lock(&igmp_mtx)
 #define        IGMP_LOCK_ASSERT_HELD()         \
-       lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_OWNED)
+       LCK_MTX_ASSERT(&igmp_mtx, LCK_MTX_ASSERT_OWNED)
 #define        IGMP_LOCK_ASSERT_NOTHELD()      \
-       lck_mtx_assert(&igmp_mtx, LCK_MTX_ASSERT_NOTOWNED)
+       LCK_MTX_ASSERT(&igmp_mtx, LCK_MTX_ASSERT_NOTOWNED)
 #define        IGMP_UNLOCK()                   \
        lck_mtx_unlock(&igmp_mtx)
 
@@ -555,7 +555,7 @@ igmp_ra_alloc(void)
        MGET(m, M_WAITOK, MT_DATA);
        p = mtod(m, struct ipoption *);
        p->ipopt_dst.s_addr = INADDR_ANY;
-       p->ipopt_list[0] = IPOPT_RA;    /* Router Alert Option */
+       p->ipopt_list[0] = (char)IPOPT_RA;      /* Router Alert Option */
        p->ipopt_list[1] = 0x04;        /* 4 bytes long */
        p->ipopt_list[2] = IPOPT_EOL;   /* End of IP option list */
        p->ipopt_list[3] = 0x00;        /* pad byte */
@@ -1737,6 +1737,17 @@ igmp_input(struct mbuf *m, int off)
                                 * Validate length based on source count.
                                 */
                                nsrc = ntohs(igmpv3->igmp_numsrc);
+                               /*
+                                * The max vaue of nsrc is limited by the
+                                * MTU of the network on which the datagram
+                                * is received
+                                */
+                               if (nsrc < 0 || nsrc > IGMP_V3_QUERY_MAX_SRCS) {
+                                       IGMPSTAT_INC(igps_rcv_tooshort);
+                                       OIGMPSTAT_INC(igps_rcv_tooshort);
+                                       m_freem(m);
+                                       return;
+                               }
                                srclen = sizeof(struct in_addr) * nsrc;
                                if (igmplen < (IGMP_V3_QUERY_MINLEN + srclen)) {
                                        IGMPSTAT_INC(igps_rcv_tooshort);
@@ -3902,7 +3913,7 @@ igmp_v3_encap_report(struct ifnet *ifp, struct mbuf *m)
        if (m->m_flags & M_IGMPV3_HDR) {
                igmpreclen -= hdrlen;
        } else {
-               M_PREPEND(m, hdrlen, M_DONTWAIT);
+               M_PREPEND(m, hdrlen, M_DONTWAIT, 1);
                if (m == NULL)
                        return (NULL);
                m->m_flags |= M_IGMPV3_HDR;
@@ -3958,22 +3969,16 @@ igmp_rec_type_to_str(const int type)
        switch (type) {
                case IGMP_CHANGE_TO_EXCLUDE_MODE:
                        return "TO_EX";
-                       break;
                case IGMP_CHANGE_TO_INCLUDE_MODE:
                        return "TO_IN";
-                       break;
                case IGMP_MODE_IS_EXCLUDE:
                        return "MODE_EX";
-                       break;
                case IGMP_MODE_IS_INCLUDE:
                        return "MODE_IN";
-                       break;
                case IGMP_ALLOW_NEW_SOURCES:
                        return "ALLOW_NEW";
-                       break;
                case IGMP_BLOCK_OLD_SOURCES:
                        return "BLOCK_OLD";
-                       break;
                default:
                        break;
        }