2011/3/20 Loganaden Velvindron <logana...@devio.us>
> Hi, this diff also discards packets larger than maximum buffer size.
>
> Please test.
>
> Index: src/sys/dev/usb/if_urndis.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/usb/if_urndis.c,v
> retrieving revision 1.29
> diff -u -p -r1.29 if_urndis.c
> --- src/sys/dev/usb/if_urndis.c 25 Jan 2011 20:03:35 -0000 1.29
> +++ src/sys/dev/usb/if_urndis.c 20 Mar 2011 05:22:55 -0000
> @@ -801,12 +801,13 @@ urndis_decap(struct urndis_softc *sc, st
> DPRINTF(("%s: urndis_decap buffer size left %u\n",
> DEVNAME(sc),
> len));
>
> - if (len < sizeof(*msg)) {
> + if (len < sizeof(*msg) || len > RNDIS_BUFSZ) {
> printf("%s: urndis_decap invalid buffer len %u < "
> - "minimum header %u\n",
> + "minimum header %u maximum size %d\n",
> DEVNAME(sc),
> len,
> - sizeof(*msg));
> + sizeof(*msg),
> + RNDIS_BUFSZ);
> return;
> }
>
>
With this patch and doing large scp's, I get a few:
urndis0: urndis_decap invalid buffer len 1 < minimum header 44 maximum size
1562
urndis0: urndis_decap invalid buffer len 1 < minimum header 44 maximum size
1562
in my amd64 dmesg buffer, but no other changes noticed.
--
To our sweethearts and wives. May they never meet. -- 19th century toast
