Module Name: src
Committed By: alnsn
Date: Thu Dec 29 23:47:21 UTC 2011
Modified Files:
src/sys/net: bpf_filter.c
Log Message:
Apply same bounds checks for BPF_LD|BPF_B|BPF_IND as for
BPF_LD|BPF_H|BPF_IND and BPF_LD|BPF_W|BPF_IND.
>From FreeBSD r48548, the original r45574 had a typo.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/net/bpf_filter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf_filter.c
diff -u src/sys/net/bpf_filter.c:1.49 src/sys/net/bpf_filter.c:1.50
--- src/sys/net/bpf_filter.c:1.49 Thu Dec 29 20:50:06 2011
+++ src/sys/net/bpf_filter.c Thu Dec 29 23:47:21 2011
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $ */
+/* $NetBSD: bpf_filter.c,v 1.50 2011/12/29 23:47:21 alnsn Exp $ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.50 2011/12/29 23:47:21 alnsn Exp $");
#if 0
#if !(defined(lint) || defined(KERNEL))
@@ -274,7 +274,7 @@ bpf_filter(const struct bpf_insn *pc, co
case BPF_LD|BPF_B|BPF_IND:
k = X + pc->k;
- if (k >= buflen) {
+ if (pc->k >= buflen || X >= buflen - pc->k) {
#ifdef _KERNEL
const struct mbuf *m;
int len;
