Module Name: src
Committed By: alnsn
Date: Sat Jul 5 22:06:11 UTC 2014
Modified Files:
src/sys/net: bpf_filter.c
Log Message:
Implement error checking in m_xbyte() and check for errors after m_xbyte() call.
Reuse (len - k) expression in m_xword() and m_xhalf() to give an optimization
hint to a compiler.
When m_xbyte() didn't exist, bpf_filter() handled out-of-bounds BPF_B loads
correctly because "return 0" inside MINDEX() was aborting filter programs.
After the change that added m_xbyte(), zero values were passed to the A or X
registers instead of aborting the filter program.
To generate a diff of this commit:
cvs rdiff -u -r1.65 -r1.66 src/sys/net/bpf_filter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf_filter.c
diff -u src/sys/net/bpf_filter.c:1.65 src/sys/net/bpf_filter.c:1.66
--- src/sys/net/bpf_filter.c:1.65 Wed Jun 25 09:51:34 2014
+++ src/sys/net/bpf_filter.c Sat Jul 5 22:06:11 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf_filter.c,v 1.65 2014/06/25 09:51:34 alnsn Exp $ */
+/* $NetBSD: bpf_filter.c,v 1.66 2014/07/05 22:06:11 alnsn Exp $ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.65 2014/06/25 09:51:34 alnsn Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.66 2014/07/05 22:06:11 alnsn Exp $");
#if 0
#if !(defined(lint) || defined(KERNEL))
@@ -124,12 +124,12 @@ m_xword(const struct mbuf *m, uint32_t k
*err = 1;
MINDEX(len, m, k);
cp = mtod(m, u_char *) + k;
- if (len >= k + 4) {
+ if (len - k >= 4) {
*err = 0;
return EXTRACT_LONG(cp);
}
m0 = m->m_next;
- if (m0 == 0 || m0->m_len + len - k < 4)
+ if (m0 == 0 || (len - k) + m0->m_len < 4)
return 0;
*err = 0;
np = mtod(m0, u_char *);
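Review bot: The rewritten bounds tests `len - k >= 4` and `(len - k) + m0->m_len < 4` are only correct if MINDEX() leaves `k < len`, and nothing in the hunk states that invariant. `k` is `uint32_t`, and if `len` is an `int` here as it is in m_xbyte(), the subtraction is done in unsigned arithmetic, so a `k` larger than `len` would wrap to a huge value and pass the `>= 4` test. I would add a comment above the first test, `/* MINDEX() guarantees k < len, so (len - k) cannot wrap */`, and the same above `len - k >= 2` in the m_xhalf() hunk at @@ -154. The body of m_xword() starts and ends outside this hunk, so the declaration of `len` and the MINDEX() definition should be checked against that claim.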
@@ -154,7 +154,7 @@ m_xhalf(const struct mbuf *m, uint32_t k
*err = 1;
MINDEX(len, m, k);
cp = mtod(m, u_char *) + k;
- if (len >= k + 2) {
+ if (len - k >= 2) {
*err = 0;
return EXTRACT_SHORT(cp);
}
@@ -170,8 +170,9 @@ m_xbyte(const struct mbuf *m, uint32_t k
{
int len;
- *err = 0;
+ *err = 1;
MINDEX(len, m, k);
+ *err = 0;
return mtod(m, u_char *)[k];
}
#else /* _KERNEL */
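Review bot: The error path of m_xbyte() is invisible when reading the function: `*err = 1` is only ever observed because MINDEX() contains a hidden `return 0` (as the log message says), and the following `*err = 0` looks like it unconditionally overwrites it. A comment on the macro call would keep a later cleanup from "simplifying" the two assignments back into one, e.g. `/* MINDEX() returns 0 from this function if k is beyond the mbuf chain; *err stays 1 */`. The same pattern is used by m_xword() and m_xhalf(), so the comment could equally live once on the MINDEX() definition, which is outside this diff.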
@@ -306,6 +307,8 @@ bpf_filter(const struct bpf_insn *pc, co
if (args->buflen != 0)
return 0;
A = xbyte(args->pkt, k, &merr);
+ if (merr != 0)
+ return 0;
continue;
#else
return 0;
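Review bot: The added `if (merr != 0) return 0;` is the fail-closed path for an out-of-range byte load, but nothing at the site says that returning 0 aborts the program and, by BPF convention, rejects the packet instead of letting a zero reach the accumulator. A short comment such as `/* out-of-bounds load: abort the filter, packet is not accepted */` would record why the check must stay. The same two lines are repeated in the hunks at @@ -374 and @@ -391. In the last of those, `X` is assigned from `(xbyte(...) & 0xf) << 2` before `merr` is tested, which is harmless given the immediate return but deserves the same comment. bpf_filter() extends well outside these hunks, so whether the word and half-word loads follow the same pattern cannot be confirmed from here.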
@@ -374,6 +377,8 @@ bpf_filter(const struct bpf_insn *pc, co
if (args->buflen != 0)
return 0;
A = xbyte(args->pkt, k, &merr);
+ if (merr != 0)
+ return 0;
continue;
#else
return 0;
@@ -391,6 +396,8 @@ bpf_filter(const struct bpf_insn *pc, co
if (args->buflen != 0)
return 0;
X = (xbyte(args->pkt, k, &merr) & 0xf) << 2;
+ if (merr != 0)
+ return 0;
continue;
#else
return 0;