On Wed, Oct 31, 2018 at 02:55:20AM +0200, Artturi Alm wrote:
> Hi,
> 
> The spam in the subject makes ttyC0 unusable in practice with urndis(4).
> I don't like repeating myself, so all I provide is the link that explains
> the behaviour requiring while (len > 1):
> https://docs.microsoft.com/en-us/windows-hardware/drivers/network/usb-short-packets
> 
> I'm running the minimal diff below on amd64 running 6.4.
> 

ping pong?

i've already done $ rm ~/diffs/obsd-*.diff
so currently there's no need to worry about me going after any other
bugs/changes relevant to me, even if this was fixed.

waste of time is, waste of time.
-Artturi


> -Artturi
> 
> 
> diff --git a/sys/dev/usb/if_urndis.c b/sys/dev/usb/if_urndis.c
> index f6b3c7bad9d..c5b4bc4ed3c 100644
> --- a/sys/dev/usb/if_urndis.c
> +++ b/sys/dev/usb/if_urndis.c
> @@ -826,7 +826,7 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>       ifp = GET_IFP(sc);
>       offset = 0;
>  
> -     while (len > 0) {
> +     while (len > 1) {
>               msg = (struct rndis_packet_msg *)((char*)c->sc_buf + offset);
>               m = c->sc_mbuf;
>  
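Review bot: The new bound `while (len > 1)` drops a single trailing byte without saying why and without looking at it. Going by the linked short-packet description, that byte is padding the device appends to a transfer, so a comment above the loop such as `/* a lone trailing byte is USB short-packet padding, not an RNDIS message */` would stop the magic 1 from being "corrected" back to 0 later. If the padding byte is specified to be zero, checking it would be stricter than accepting any value. Remainders of 2 up to sizeof(*msg) - 1 bytes still appear to reach the too-short diagnostic in the next hunk, and urndis_decap starts and ends outside this hunk.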
> @@ -839,7 +839,7 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>                           DEVNAME(sc),
>                           len,
>                           sizeof(*msg));
> -                     return;
> +                     break;
>               }
>  
>               DPRINTF(("%s: urndis_decap len %u data(off:%u len:%u) "
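Review bot: The malformed-message exits converted from `return` to `break` (this hunk and the next four) leave the loop without recording the failure anywhere except the console. An `ifp->if_ierrors++;` before each `break` would make truncated or bogus transfers from the device visible in the interface statistics. A comment above the loop should also state that a bad message ends parsing of the transfer while packets already queued on `ml` are still handed to `if_input`, since that differs from the old early return. The loop body continues outside this hunk.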
> @@ -859,14 +859,14 @@ urndis_decap(struct urndis_softc *sc, struct 
> urndis_chain *c, u_int32_t len)
>                           DEVNAME(sc),
>                           letoh32(msg->rm_type),
>                           REMOTE_NDIS_PACKET_MSG);
> -                     return;
> +                     break;
>               }
>               if (letoh32(msg->rm_len) < sizeof(*msg)) {
>                       printf("%s: urndis_decap invalid msg len %u < %zu\n",
>                           DEVNAME(sc),
>                           letoh32(msg->rm_len),
>                           sizeof(*msg));
> -                     return;
> +                     break;
>               }
>               if (letoh32(msg->rm_len) > len) {
>                       printf("%s: urndis_decap invalid msg len %u > buffer "
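Review bot: The `rm_len` checks in this hunk still report through an unconditional `printf`, and every value they print is supplied by the USB device. A misbehaving or hostile device can therefore keep flooding the console on each transfer, which is the symptom this patch cures only for the one-byte padding case. Consider demoting these messages to `DPRINTF((...))`, as the data-length check further down appears to do, or gating them with ratecheck(9). The same applies to the other diagnostics in this function whose call lines fall outside the visible hunks.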
> @@ -874,7 +874,7 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>                           DEVNAME(sc),
>                           letoh32(msg->rm_len),
>                           len);
> -                     return;
> +                     break;
>               }
>  
>               if (letoh32(msg->rm_dataoffset) +
> @@ -889,7 +889,7 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>                           letoh32(msg->rm_dataoffset) +
>                           letoh32(msg->rm_datalen) + RNDIS_HEADER_OFFSET,
>                           letoh32(msg->rm_len));
> -                     return;
> +                     break;
>               }
>  
>               if (letoh32(msg->rm_datalen) < sizeof(struct ether_header)) {
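Review bot: The bounds check whose diagnostic is printed here adds `letoh32(msg->rm_dataoffset)`, `letoh32(msg->rm_datalen)` and `RNDIS_HEADER_OFFSET` before comparing with `rm_len`; both fields come from the device, and if the sum is evaluated in 32 bits it can wrap and pass the comparison. The comparison line itself lies between this hunk and the previous one, so this is inferred from the visible operands. The `memcpy` that starts in the next hunk presumably depends on this check, so comparing by subtraction is safer: read the fields once into locals and test `if (dataoffset > rm_len - RNDIS_HEADER_OFFSET || datalen > rm_len - RNDIS_HEADER_OFFSET - dataoffset)`. That form relies on the earlier `rm_len >= sizeof(*msg)` check and on sizeof(*msg) being at least RNDIS_HEADER_OFFSET, which should be confirmed.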
> @@ -899,7 +899,7 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>                           DEVNAME(sc),
>                           letoh32(msg->rm_datalen),
>                           sizeof(struct ether_header)));
> -                     return;
> +                     break;
>               }
>  
>               memcpy(mtod(m, char*),
> @@ -916,6 +916,8 @@ urndis_decap(struct urndis_softc *sc, struct urndis_chain 
> *c, u_int32_t len)
>               offset += letoh32(msg->rm_len);
>               len -= letoh32(msg->rm_len);
>       }
> +     if (ml_empty(&ml))
> +             return;
>  
>       s = splnet();
>       if_input(ifp, &ml);
