Module Name: src
Committed By: maxv
Date: Sat Dec 9 10:19:42 UTC 2017
Modified Files:
src/sys/net: if_ethersubr.c
Log Message:
Make sure we have an llc structure in the packet, and don't read past the
end of the mbuf if we don't. I'm wondering whether we should not pull up
instead, but whatever.
To generate a diff of this commit:
cvs rdiff -u -r1.248 -r1.249 src/sys/net/if_ethersubr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_ethersubr.c
diff -u src/sys/net/if_ethersubr.c:1.248 src/sys/net/if_ethersubr.c:1.249
--- src/sys/net/if_ethersubr.c:1.248 Wed Dec 6 04:00:07 2017
+++ src/sys/net/if_ethersubr.c Sat Dec 9 10:19:42 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_ethersubr.c,v 1.248 2017/12/06 04:00:07 ozaki-r Exp $ */
+/* $NetBSD: if_ethersubr.c,v 1.249 2017/12/09 10:19:42 maxv Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.248 2017/12/06 04:00:07 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.249 2017/12/09 10:19:42 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -833,6 +833,9 @@ ether_input(struct ifnet *ifp, struct mb
}
} else {
#if defined (LLC) || defined (NETATALK)
+ if (m->m_len < ehlen + sizeof(struct llc)) {
+ goto dropanyway;
+ }
l = (struct llc *)(eh+1);
switch (l->llc_dsap) {
#ifdef NETATALK
@@ -869,8 +872,8 @@ ether_input(struct ifnet *ifp, struct mb
goto dropanyway;
}
break;
- dropanyway:
#endif
+ dropanyway:
default:
m_freem(m);
return;
