diff --git a/sys/netinet/ip_icmp.c b/sys/netinet/ip_icmp.c
index 98f290486ec5..9352289d62fe 100644
--- a/sys/netinet/ip_icmp.c
+++ b/sys/netinet/ip_icmp.c
@@ -561,7 +561,8 @@ icmp_input(struct mbuf **mp, int *offp, int proto)
 if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr)))
 goto badcode;
 /* Filter out responses to INADDR_ANY, protocols ignore it. */
- if (icp->icmp_ip.ip_dst.s_addr == INADDR_ANY)
+ if (icp->icmp_ip.ip_dst.s_addr == INADDR_ANY ||
+ icp->icmp_ip.ip_src.s_addr == INADDR_ANY)
 goto freeit;
 #ifdef ICMPPRINTFS
 if (icmpprintfs)
diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c
index 5c94a0c56be1..4166cabdc5cb 100644
--- a/sys/netinet6/icmp6.c
+++ b/sys/netinet6/icmp6.c
@@ -1070,6 +1070,14 @@ icmp6_notify_error(struct mbuf **mp, int off, int icmp6len)
 */
 eip6 = (struct ip6_hdr *)(icmp6 + 1);
+ /*
+ * Protocol layers can't do anything useful with unspecified
+ * addresses.
+ */
+ if (IN6_IS_ADDR_UNSPECIFIED(&eip6->ip6_src) ||
+ IN6_IS_ADDR_UNSPECIFIED(&eip6->ip6_dst))
+ goto freeit;
+
 icmp6dst.sin6_len = sizeof(struct sockaddr_in6);
 icmp6dst.sin6_family = AF_INET6;
 if (IN6_IS_ADDR_UNSPECIFIED(&icmp6dst.sin6_addr))
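Review bot: In the ip_icmp.c hunk, the comment above the changed test in icmp_input() still reads "responses to INADDR_ANY", but the added `ip_src` operand also discards errors whose quoted header carries a zero source address, so the comment no longer matches the condition. I would reword it along the lines of `/* Drop errors quoting INADDR_ANY as src or dst; protocols ignore it. */`. Both addresses come from the quoted header inside the ICMP payload, which the sender of the error controls, and this path (like the new check in the icmp6.c hunk) leaves through `freeit`. That label is outside the hunk, so I cannot tell whether a counter is updated there; if none is, a statistic for these drops would let operators notice bogus error traffic. icmp_input() starts and ends outside the hunk.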
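Review bot: In the icmp6.c hunk, the new comment in icmp6_notify_error() does not say whose addresses are being tested. `eip6` is set to `(struct ip6_hdr *)(icmp6 + 1)`, so these are the source and destination of the quoted packet rather than of the ICMPv6 error itself, and they are supplied by whoever sent the error. I would open the comment with a line such as ` * The quoted (inner) header is sender-controlled.` before the existing sentence. The last context line still tests `icmp6dst.sin6_addr` for the unspecified address and its body is outside the hunk, so a brief remark on how the two checks relate would keep a later reader from assuming one is redundant. The function starts and ends outside the hunk.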