Subject: Re: kern/32198: bpf_validate() needs to do more checks
To: None <email@example.com, firstname.lastname@example.org>
From: Rui Paulo <email@example.com>
Date: 11/30/2005 17:16:29

On 2005.11.30 11:42:00 +0000, firstname.lastname@example.org wrote:
| OpenBSD's bpf_validate() in sys/net/bpf_filter.c does some additional checks to catch:
| BPF programs with no instructions or with more than BPF_MAXINSNS instructions;
This is done in bpf_setf();
| BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets (which could be made to fetch or store into arbitrary memory locations);
| BPF_DIV instructions with a constant 0 divisor (that's a check also done at run time).
What's wrong with the current checks in bpf_validate()?
-- Rui Paulo
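
The checks listed in the quoted report, written as a stand-alone C function. This is an added example, not part of the message and not the OpenBSD or NetBSD source; `check_prog`, `struct insn` and the locally defined constants (values of the classic BPF instruction encoding) are assumptions of the example. It also applies the scratch-memory bound to BPF_LD|BPF_MEM and BPF_ST, which index the same array as the two instructions named in the report.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF encoding, defined locally (assumption: no <net/bpf.h>). */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define BPF_MAXINSNS 512
#define BPF_MEMWORDS 16
#define BPF_CLASS(c) ((c) & 0x07)
#define BPF_MODE(c)  ((c) & 0xe0)
#define BPF_OP(c)    ((c) & 0xf0)
#define BPF_SRC(c)   ((c) & 0x08)
enum { BPF_LD = 0x00, BPF_LDX = 0x01, BPF_ST = 0x02, BPF_STX = 0x03,
       BPF_ALU = 0x04, BPF_MEM = 0x60, BPF_DIV = 0x30, BPF_K = 0x00 };

/* check_prog() is a hypothetical name. Returns 1 if the program passes the
 * checks listed in the report, 0 otherwise; jump targets and the final
 * BPF_RET are deliberately not examined here. */
int check_prog(const struct insn *f, size_t len)
{
    if (f == NULL || len == 0 || len > BPF_MAXINSNS)
        return 0;                       /* empty or oversized program */
    for (size_t i = 0; i < len; i++) {
        uint16_t c = f[i].code;
        switch (BPF_CLASS(c)) {
        case BPF_LD:
        case BPF_LDX:                   /* A/X = mem[k] only in BPF_MEM mode */
            if (BPF_MODE(c) == BPF_MEM && f[i].k >= BPF_MEMWORDS)
                return 0;
            break;
        case BPF_ST:
        case BPF_STX:                   /* mem[k] = A/X */
            if (f[i].k >= BPF_MEMWORDS)
                return 0;
            break;
        case BPF_ALU:                   /* constant divisor must be non-zero */
            if (BPF_OP(c) == BPF_DIV && BPF_SRC(c) == BPF_K && f[i].k == 0)
                return 0;
            break;
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample: store to scratch slot 16, one past the end. */
    struct insn bad[] = { { BPF_STX, 0, 0, 16 }, { 0x06, 0, 0, 0 } };
    return check_prog(bad, 2);          /* exit status 0: rejected */
}
```

A division whose divisor comes from the X register passes this static check, since its value is only known when the filter runs.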