Module Name: src Committed By: martin Date: Wed Oct 16 09:46:55 UTC 2019
Modified Files: src/sys/net [netbsd-9]: bpf.c Log Message: Pull up following revision(s) (requested by maxv in ticket #335): sys/net/bpf.c: revision 1.230 sys/net/bpf.c: revision 1.231 Add KASSERT to catch bugs. Something tells me it could easily fire. - As I suspected, the KASSERT I added yesterday can fire if we try to process zero-sized packets. Skip them to prevent a type confusion that can trigger random page faults later. To generate a diff of this commit: cvs rdiff -u -r1.229 -r1.229.2.1 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/net/bpf.c diff -u src/sys/net/bpf.c:1.229 src/sys/net/bpf.c:1.229.2.1 --- src/sys/net/bpf.c:1.229 Wed Jul 10 17:55:33 2019 +++ src/sys/net/bpf.c Wed Oct 16 09:46:55 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $ */ +/* $NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $ */ /* * Copyright (c) 1990, 1991, 1993 @@ -39,7 +39,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $"); #if defined(_KERNEL_OPT) #include "opt_bpf.h" @@ -1676,10 +1676,16 @@ _bpf_mtap(struct bpf_if *bp, struct mbuf pktlen = m_length(m); + /* Skip zero-sized packets. */ + if (__predict_false(pktlen == 0)) { + return; + } + if (pktlen == m->m_len) { cpfn = (void *)memcpy; marg = mtod(m, void *); buflen = pktlen; + KASSERT(buflen != 0); } else { cpfn = bpf_mcpy; marg = m;