Module Name: src
Committed By: msaitoh
Date: Wed Sep 11 07:02:46 UTC 2013
Modified Files:
src/sys/net [netbsd-5]: bpf.c
Log Message:
Pull up following revision(s) (requested by spz in ticket #1874):
sys/net/bpf.c: revision 1.176 via patch
PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf
buffer size.
To generate a diff of this commit:
cvs rdiff -u -r1.141.6.2 -r1.141.6.3 src/sys/net/bpf.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf.c
diff -u src/sys/net/bpf.c:1.141.6.2 src/sys/net/bpf.c:1.141.6.3
--- src/sys/net/bpf.c:1.141.6.2 Tue Apr 5 06:10:50 2011
+++ src/sys/net/bpf.c Wed Sep 11 07:02:46 2013
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf.c,v 1.141.6.2 2011/04/05 06:10:50 riz Exp $ */
+/* $NetBSD: bpf.c,v 1.141.6.3 2013/09/11 07:02:46 msaitoh Exp $ */
/*
* Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.141.6.2 2011/04/05 06:10:50 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.141.6.3 2013/09/11 07:02:46 msaitoh Exp $");
#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
@@ -1453,7 +1453,7 @@ catchpacket(struct bpf_d *d, u_char *pkt
void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
{
struct bpf_hdr *hp;
- int totlen, curlen;
+ int totlen, curlen, caplen;
int hdrlen = d->bd_bif->bif_hdrlen;
int do_wakeup = 0;
@@ -1468,6 +1468,13 @@ catchpacket(struct bpf_d *d, u_char *pkt
totlen = hdrlen + min(snaplen, pktlen);
if (totlen > d->bd_bufsize)
totlen = d->bd_bufsize;
+ /*
+ * If we adjusted totlen to fit the bufsize, it could be that
+ * totlen is smaller than hdrlen because of the link layer header.
+ */
+ caplen = totlen - hdrlen;
+ if (caplen < 0)
+ caplen = 0;
/*
* Round up the end of the previous packet to the next longword.
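Review bot: Clamping `caplen` to 0 keeps a negative length out of the copy call, but when `totlen < hdrlen` the record still cannot hold its own header. The hunk at 1514 still stores `bh_tstamp`, `bh_datalen` and `bh_hdrlen = hdrlen`, then advances `bd_slen` by only `totlen`, so a reader stepping by `bh_hdrlen + bh_caplen` would walk past the stored length. Treating that case as a dropped packet right after the clamp, e.g. `if (totlen < hdrlen) { ++d->bd_dcount; return; }`, would avoid emitting a truncated header at all. Whether a minimum `bd_bufsize` is enforced where the size is set is not visible in this diff; if it is not, rejecting undersized values there would be the more direct fix. catchpacket's body continues outside both hunks, so check an early return against the full function for any state it must undo.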
@@ -1507,10 +1514,11 @@ catchpacket(struct bpf_d *d, u_char *pkt
hp->bh_tstamp = *tv;
hp->bh_datalen = pktlen;
hp->bh_hdrlen = hdrlen;
+ hp->bh_caplen = caplen;
/*
* Copy the packet data into the store buffer and update its length.
*/
- (*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
+ (*cpfn)((u_char *)hp + hdrlen, pkt, caplen);
d->bd_slen = curlen + totlen;
/*