CVS commit: [bouyer-socketcan] src/sys/netcan

Sun, 05 Feb 2017 11:45:06 -0800 

Module Name:    src
Committed By:   bouyer
Date:           Sun Feb  5 19:44:53 UTC 2017

Modified Files:
        src/sys/netcan [bouyer-socketcan]: can.c can_pcb.c

Log Message:
more sanity checks on the mbuf we get.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.5 -r1.1.2.6 src/sys/netcan/can.c
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/sys/netcan/can_pcb.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/netcan/can.c
diff -u src/sys/netcan/can.c:1.1.2.5 src/sys/netcan/can.c:1.1.2.6
--- src/sys/netcan/can.c:1.1.2.5	Sun Feb  5 17:37:10 2017
+++ src/sys/netcan/can.c	Sun Feb  5 19:44:53 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: can.c,v 1.1.2.5 2017/02/05 17:37:10 bouyer Exp $	*/
+/*	$NetBSD: can.c,v 1.1.2.6 2017/02/05 19:44:53 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 2003, 2017 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: can.c,v 1.1.2.5 2017/02/05 17:37:10 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: can.c,v 1.1.2.6 2017/02/05 19:44:53 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -493,6 +493,13 @@ can_send(struct socket *so, struct mbuf 
 	if (control && control->m_len) {
 		return EINVAL;
 	}
+	if (m->m_len > sizeof(struct can_frame) ||
+	   m->m_len < offsetof(struct can_frame, can_dlc))
+		return EINVAL;
+
+	/* we expect all data in the first mbuf */
+	KASSERT((m->m_flags & M_PKTHDR) != 0);
+	KASSERT(m->m_len == m->m_pkthdr.len);
 
 	if (nam) {
 		if ((so->so_state & SS_ISCONNECTED) != 0) {

Index: src/sys/netcan/can_pcb.c
diff -u src/sys/netcan/can_pcb.c:1.1.2.2 src/sys/netcan/can_pcb.c:1.1.2.3
--- src/sys/netcan/can_pcb.c:1.1.2.2	Sun Feb  5 10:56:12 2017
+++ src/sys/netcan/can_pcb.c	Sun Feb  5 19:44:53 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: can_pcb.c,v 1.1.2.2 2017/02/05 10:56:12 bouyer Exp $	*/
+/*	$NetBSD: can_pcb.c,v 1.1.2.3 2017/02/05 19:44:53 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 2003, 2017 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: can_pcb.c,v 1.1.2.2 2017/02/05 10:56:12 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: can_pcb.c,v 1.1.2.3 2017/02/05 19:44:53 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -332,6 +332,9 @@ can_pcbfilter(struct canpcb *canp, struc
 	struct can_frame *fmp;
 	struct can_filter *fip;
 
+	KASSERT((m->m_flags & M_PKTHDR) != 0);
+	KASSERT(m->m_len == m->m_pkthdr.len);
+
 	fmp = mtod(m, struct can_frame *);
 	for (i = 0; i < canp->canp_nfilters; i++) {
 		fip = &canp->canp_filters[i];

Reply via email to