Module Name: src
Committed By: cegger
Date: Sun May 17 11:34:21 UTC 2009
Modified Files:
src/sys/net: if_bridge.c
Log Message:
fix crash in bridge_ioctl():
BRDGGFILT and BRDGSFILT bridge controls are only available with BRIDGE_IPF and
PFIL_HOOKS defined.
In amd64 GENERIC and XEN kernel configs PFIL_HOOKS is defined but BRIDGE_IPF is
not.
When a BRDGGFILT or BRDGSFILT command comes in, ifd->ifd_cmd is out of range
(>= bridge_control_table_size). bc is then never set and is dereferenced
later => BOOM.
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/sys/net/if_bridge.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.69 src/sys/net/if_bridge.c:1.70
--- src/sys/net/if_bridge.c:1.69 Tue May 12 23:03:24 2009
+++ src/sys/net/if_bridge.c Sun May 17 11:34:21 2009
@@ -1,4 +1,4 @@
-/* $NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $ */
+/* $NetBSD: if_bridge.c,v 1.70 2009/05/17 11:34:21 cegger Exp $ */
/*
* Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.69 2009/05/12 23:03:24 elad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.70 2009/05/17 11:34:21 cegger Exp $");
#include "opt_bridge_ipf.h"
#include "opt_inet.h"
@@ -454,7 +454,7 @@
case SIOCSDRVSPEC:
if (ifd->ifd_cmd >= bridge_control_table_size) {
error = EINVAL;
- break;
+ return error;
}
bc = &bridge_control_table[ifd->ifd_cmd];
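Review bot: The rejected-command path now reads `error = EINVAL; return error;`, which is just `return EINVAL;`, and nothing in the code says why this branch must return instead of break. Since `ifd->ifd_cmd` arrives through the ioctl argument and this comparison is the only bound on the `bridge_control_table` index, a short comment would keep the invariant from being undone later, for example `/* bc stays NULL here and the switch below dereferences it, so do not fall through */`. The check is only sufficient if `ifd_cmd` is an unsigned type, which is not visible in this hunk. Returning directly is safe only while nothing that needs undoing has been acquired before this point; the start of bridge_ioctl() is outside the hunk, so that should be confirmed there.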
@@ -476,6 +476,7 @@
switch (cmd) {
case SIOCGDRVSPEC:
case SIOCSDRVSPEC:
+ KASSERT(bc != NULL);
if (cmd == SIOCGDRVSPEC &&
(bc->bc_flags & BC_F_COPYOUT) == 0) {
error = EINVAL;
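Review bot: `KASSERT(bc != NULL)` documents the invariant but is not a runtime guard, because KASSERT is compiled in only for DIAGNOSTIC kernels and other builds go straight to `bc->bc_flags`. The NULL dereference this commit fixes would therefore return in non-DIAGNOSTIC kernels if a later change to the first switch again left `bc` unset. If this path is not performance sensitive, an explicit check such as `if (bc == NULL) { error = EINVAL; break; }` next to the assertion would fail closed; this assumes `break` is the normal error exit of this switch, which continues past the end of the hunk. At minimum a comment like `/* set by the authorization switch above, which returns on an out-of-range ifd_cmd */` would tie the assertion to the check it depends on.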