Author: ae
Date: Wed Oct 28 17:55:37 2015
New Revision: 290116
URL: https://svnweb.freebsd.org/changeset/base/290116
Log:
Check the size of data available in mbuf, before using them.
PR: 202667
MFC after: 1 week
Modified:
head/sys/net/if_gre.c
Modified: head/sys/net/if_gre.c
==============================================================================
--- head/sys/net/if_gre.c Wed Oct 28 16:31:04 2015 (r290115)
+++ head/sys/net/if_gre.c Wed Oct 28 17:55:37 2015 (r290116)
@@ -691,6 +691,14 @@ gre_input(struct mbuf **mp, int *offp, i
KASSERT(sc != NULL, ("encap_getarg returned NULL"));
ifp = GRE2IFP(sc);
+ hlen = *offp + sizeof(struct grehdr) + 4 * sizeof(uint32_t);
+ if (m->m_pkthdr.len < hlen)
+ goto drop;
+ if (m->m_len < hlen) {
+ m = m_pullup(m, hlen);
+ if (m == NULL)
+ goto drop;
+ }
gh = (struct grehdr *)mtodo(m, *offp);
flags = ntohs(gh->gre_flags);
if (flags & ~GRE_FLAGS_MASK)
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
