Hi Luca,

There is a slight problem in the way you implemented my fix. By adding sizeof(struct sk_filter) to fsize, you do allocate the correct amount of memory. However, this causes more bytes to be copied in the call

    copy_from_user(filter->insns, fprog.filter, fsize)

If fsize represents the size of the BPF instructions, you don't need to add the sk_filter header to it. Have a look at the copy_from_user call I just mentioned. You copy to filter->insns, which is 8 bytes after the beginning of filter. You allocated 'fsize' bytes to filter (filter = kmalloc(fsize, GFP_KERNEL)). When you copy 'fsize' bytes to filter starting at offset 8, you still write to 8 bytes of uncharted territory.

fsize was calculated correctly before, but the kmalloc call needs to add sizeof(struct sk_filter) bytes to it, so that when you copy 'fsize' bytes to filter->insns (which is 8 bytes after filter), you will be writing to allocated memory. I would change the two lines into

    fsize = sizeof(struct sock_filter) * fprog.len;
    filter = kmalloc(fsize + sizeof(struct sk_filter), GFP_KERNEL);

This is how I implemented it and it works all of the time.
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
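The three allocation/copy combinations discussed in the message, as an added user-space example (not code from the email, from Luca, or from ntop). The struct definitions are simplified stand-ins for the kernel's sk_filter and sock_filter, chosen so that the header is 8 bytes and insns starts at offset 8 as the message states; the sample BPF program, the guard region and the padded "user" buffer are constructed for the example, and memcpy plays the role of copy_from_user. The point it makes visible is that allocating fsize + header but also copying fsize + header still writes 8 bytes past the allocation and additionally reads 8 bytes past the user's program, while allocating fsize + header and copying only fsize is the combination that fits:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the kernel structures named in the message.
 * Assumptions for this example, not the real kernel definitions: the header
 * is 8 bytes so that insns starts at offset 8, as the message says. */
struct sock_filter {            /* one classic BPF instruction, 8 bytes */
    uint16_t code;
    uint8_t  jt;
    uint8_t  jf;
    uint32_t k;
};

struct sk_filter {              /* 8-byte header followed by the program */
    uint32_t refcnt;
    uint32_t len;
    struct sock_filter insns[]; /* flexible array member at offset 8 */
};

/* fsize as computed in the message: the size of the instructions only. */
static size_t prog_size(unsigned int len)
{
    return sizeof(struct sock_filter) * len;
}

/* Bytes that a copy of copy_len bytes into filter->insns lands past the end
 * of an allocation of alloc bytes (0 when the copy fits). */
static size_t write_overrun(size_t alloc, size_t copy_len)
{
    size_t end = offsetof(struct sk_filter, insns) + copy_len;
    return end > alloc ? end - alloc : 0;
}

/* Bytes the copy reads past the end of a user program of len instructions. */
static size_t read_overrun(size_t copy_len, unsigned int len)
{
    size_t have = prog_size(len);
    return copy_len > have ? copy_len - have : 0;
}

#define GUARD_LEN  16
#define GUARD_BYTE 0xA5

/* Stand-in for the attach path: allocate alloc bytes, then copy copy_len bytes
 * from a padded "user" buffer into filter->insns. A guard region directly after
 * the allocation shows whether the copy trampled memory the filter did not own.
 * Returns 1 if the guard was damaged, 0 if not, -1 on failure. */
static int attach_and_check(const struct sock_filter *uprog, unsigned int len,
                            size_t alloc, size_t copy_len)
{
    /* Padded user buffer (constructed): an over-long copy reads the zero
     * padding here instead of unrelated memory. */
    unsigned char user[256] = {0};
    if (prog_size(len) > sizeof user || copy_len > sizeof user)
        return -1;
    memcpy(user, uprog, prog_size(len));

    unsigned char *buf = malloc(alloc + GUARD_LEN);
    if (!buf)
        return -1;
    memset(buf, 0, alloc);
    memset(buf + alloc, GUARD_BYTE, GUARD_LEN);

    struct sk_filter *filter = (struct sk_filter *)buf;
    filter->refcnt = 1;
    filter->len = len;
    memcpy(filter->insns, user, copy_len);  /* the copy under discussion */

    int trampled = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (buf[alloc + i] != GUARD_BYTE)
            trampled = 1;
    free(buf);
    return trampled;
}

/* Constructed sample program: two loads followed by "return -1" (accept all),
 * so the spilled bytes are recognisable if you inspect them in a debugger. */
static const struct sock_filter sample_prog[] = {
    { 0x28, 0, 0, 0x0000000c },
    { 0x15, 0, 1, 0x00000800 },
    { 0x06, 0, 0, 0xffffffff },
};
#define SAMPLE_LEN (sizeof(sample_prog) / sizeof(sample_prog[0]))

int main(void)
{
    unsigned int len = SAMPLE_LEN;
    size_t fsize = prog_size(len), hdr = sizeof(struct sk_filter);
    struct { const char *name; size_t alloc, copy; } cases[] = {
        { "alloc fsize,     copy fsize     (original)", fsize,       fsize       },
        { "alloc fsize+hdr, copy fsize+hdr (Luca)",     fsize + hdr, fsize + hdr },
        { "alloc fsize+hdr, copy fsize     (proposed)", fsize + hdr, fsize       },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-44s write past alloc: %zu  read past user prog: %zu  guard trampled: %d\n",
               cases[i].name, write_overrun(cases[i].alloc, cases[i].copy),
               read_overrun(cases[i].copy, len),
               attach_and_check(sample_prog, len, cases[i].alloc, cases[i].copy));
    return 0;
}
```

In the kernel the 8 bytes written past the allocation land in whatever slab object follows the filter, which is the "uncharted territory" the message refers to; the guard bytes here simply make that visible without a debugger.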
