svn commit: r290441 - head/sys/dev/usb/net

Fri, 06 Nov 2015 04:54:55 -0800 

Author: hselasky
Date: Fri Nov  6 12:54:27 2015
New Revision: 290441
URL: https://svnweb.freebsd.org/changeset/base/290441

Log:
  Fix for unaligned IP-header.
  
  The mbuf length fields must be set before m_adj() is called else
  m_adj() will not always adjust the mbuf and an unaligned read
  exception can trigger inside the network stack. This can happen on
  platforms where unaligned reads are not supported. Adjust a length
  check to include the 2-byte ethernet alignment while at it.
  
  MFC after:    3 days

Modified:
  head/sys/dev/usb/net/if_cdce.c
  head/sys/dev/usb/net/if_urndis.c

Modified: head/sys/dev/usb/net/if_cdce.c
==============================================================================
--- head/sys/dev/usb/net/if_cdce.c      Fri Nov  6 12:02:24 2015        
(r290440)
+++ head/sys/dev/usb/net/if_cdce.c      Fri Nov  6 12:54:27 2015        
(r290441)
@@ -1535,6 +1535,7 @@ cdce_ncm_bulk_read_callback(struct usb_x
 
                        /* check if we have a buffer */
                        if (m) {
+                               m->m_len = m->m_pkthdr.len = temp + ETHER_ALIGN;
                                m_adj(m, ETHER_ALIGN);
 
                                usbd_copy_out(pc, offset, m->m_data, temp);

Modified: head/sys/dev/usb/net/if_urndis.c
==============================================================================
--- head/sys/dev/usb/net/if_urndis.c    Fri Nov  6 12:02:24 2015        
(r290440)
+++ head/sys/dev/usb/net/if_urndis.c    Fri Nov  6 12:54:27 2015        
(r290441)
@@ -884,7 +884,7 @@ urndis_bulk_read_callback(struct usb_xfe
                                DPRINTF("invalid ethernet size "
                                    "%u < %u\n", msg.rm_datalen, 
(unsigned)sizeof(struct ether_header));
                                goto tr_setup;
-                       } else if (msg.rm_datalen > (uint32_t)MCLBYTES) {
+                       } else if (msg.rm_datalen > (uint32_t)(MCLBYTES - 
ETHER_ALIGN)) {
                                if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
                                DPRINTF("invalid ethernet size "
                                    "%u > %u\n",
@@ -898,6 +898,7 @@ urndis_bulk_read_callback(struct usb_xfe
 
                        /* check if we have a buffer */
                        if (m != NULL) {
+                               m->m_len = m->m_pkthdr.len = msg.rm_datalen + 
ETHER_ALIGN;
                                m_adj(m, ETHER_ALIGN);
 
                                usbd_copy_out(pc, offset + msg.rm_dataoffset +
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"

Reply via email to