IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.5
Operating System Version: Solaris 10 x86
Configuration: LKM
Description of problem:
Strictly speaking you can't add an arbitrary amount to a pointer
and then perform a meaningful comparison with it.
How to repeat:
The enclosed * lightly tested * patch to SunOS/pfildrv.c fixes the problem.
*** SunOS/pfildrv.c.ORIGINAL Mon Feb 21 19:07:18 2005
--- SunOS/pfildrv.c Mon Feb 21 19:47:44 2005
*************** int pfil_precheck(queue_t *q, mblk_t **m
*** 541,562 ****
}
- ip = (struct ip *)(m->b_rptr + off);
-
/*
* We might have a 1st data block which is really M_PROTO, i.e. it is
* only big enough for the link layer header
*/
! while ((u_char *)ip >= m->b_wptr) {
! len = (u_char *)ip - m->b_wptr;
m = m->b_cont;
if (m == NULL) {
atomic_add_long(&qif->qf_nodata, 1);
return -4; /* not enough data for IP */
}
- ip = (struct ip *)(m->b_rptr + len);
}
! off = (u_char *)ip - m->b_rptr;
mlen = msgdsize(m) - off;
sap = qif->qf_sap;
if (mlen == 0)
--- 541,560 ----
}
/*
* We might have a 1st data block which is really M_PROTO, i.e. it is
* only big enough for the link layer header
*/
! while ((len = m->b_rptr - m->b_wptr) <= off) {
! off -= len;
m = m->b_cont;
if (m == NULL) {
atomic_add_long(&qif->qf_nodata, 1);
return -4; /* not enough data for IP */
}
}
!
! ip = (struct ip *)(m->b_rptr + off);
mlen = msgdsize(m) - off;
sap = qif->qf_sap;
if (mlen == 0)
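Review bot: The new loop condition computes the block length with its operands reversed: `m->b_rptr - m->b_wptr` is zero or negative for a normal mblk, whereas the data held in a block is `b_wptr - b_rptr`. If `len` is signed, `len <= off` holds for every block and `off -= len` makes `off` grow, so the walk runs off the end of the chain and returns -4 for every packet. If `len` is unsigned, the loop exits immediately and `ip` can be set beyond `b_wptr`, which is the out-of-bounds header read this check is meant to prevent. The line should read `while ((len = m->b_wptr - m->b_rptr) <= off) {`, which keeps the meaning of the old `(u_char *)ip >= m->b_wptr` test without forming an out-of-range pointer. pfil_precheck starts and ends outside the hunk, so the declared types of `len` and `off` and how callers treat -4 cannot be confirmed from here.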
-- John
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------