Subject: fix for PR 26666 (incorrect use of m_pulldown() in fil.c)
To: None <tech-net@netbsd.org>
From: Chuck Silvers <chuq@chuq.com>
List: tech-net
Date: 08/21/2004 19:05:02
hi,
is the attached diff correct? it fixes PR 26666 in my testing.
the problem is in this bit of code in fr_pullup() in netinet/fil.c
(which I've unifdef'd for readability):
	if (M_LEN(m) < len) {
		if (len > MHLEN)
		{
			m = m_pulldown(m, 0, len, NULL);
		} else
		{
			m = m_pullup(m, len);
		}
		*fin->fin_mp = m;
		fin->fin_m = m;
		...
	}
this code assumes that m_pulldown() has the same return value semantics
as m_pullup(), but it doesn't.
-Chuck
--PEIAKu/WMn1b1Hv9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="diff.fr_pullup"
Index: src/sys/netinet/fil.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/fil.c,v
retrieving revision 1.61.2.6
diff -u -p -r1.61.2.6 fil.c
--- src/sys/netinet/fil.c 13 Aug 2004 03:55:01 -0000 1.61.2.6
+++ src/sys/netinet/fil.c 22 Aug 2004 01:51:03 -0000
@@ -5581,7 +5581,8 @@ int len;
# endif
{
# ifdef HAVE_M_PULLDOWN
- m = m_pulldown(m, 0, len, NULL);
+ if (m_pulldown(m, 0, len, NULL) == NULL)
+ m = NULL;
# else
FREE_MB_T(m);
m = NULL;
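Review bot: On the success path of the HAVE_M_PULLDOWN branch the return value of m_pulldown() is now discarded, so the code after this block still reads the packet through m. m_pulldown() returns the mbuf that holds the requested region, which is not guaranteed to be the head of the chain, so a successful call does not by itself make the first len bytes contiguous at the start of m. Consider keeping the result in a separate variable (a hypothetical `n = m_pulldown(m, 0, len, NULL);`, setting `m = NULL` only when `n == NULL`) and taking the data pointer from that mbuf, or add a comment explaining why the head is known to hold the region here.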
--PEIAKu/WMn1b1Hv9--
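The difference in return conventions described in the message, as an added user-space example (not code from the original post or from NetBSD): a toy mbuf chain in which `model_pullup()` returns the chain head while `model_pulldown()` returns the mbuf holding the region. All names are hypothetical, and the model assumes a non-contiguous region is always gathered into a new mbuf, whereas the real m_pulldown() may also return the head.

```c
/* Added user-space model, not NetBSD kernel code; all names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#define MBSZ 16                                   /* constructed buffer size */
struct mb { struct mb *next; int len; unsigned char buf[MBSZ]; };

static struct mb *mb_new(const void *p, int n, struct mb *next) {
    struct mb *m = calloc(1, sizeof *m);
    memcpy(m->buf, p, n); m->len = n; m->next = next; return m;
}
static void mb_freem(struct mb *m) { while (m) { struct mb *n = m->next; free(m); m = n; } }
/* Move bytes from the mbufs after d into d until d holds len bytes. */
static int gather(struct mb *d, int len) {
    while (len <= MBSZ && d->len < len && d->next) {
        struct mb *s = d->next;
        int take = len - d->len < s->len ? len - d->len : s->len;
        memcpy(d->buf + d->len, s->buf, take);
        memmove(s->buf, s->buf + take, s->len - take);
        d->len += take; s->len -= take;
        if (s->len == 0) { d->next = s->next; free(s); }
    }
    return d->len >= len;
}
/* pullup convention: the result IS the chain head (or NULL, chain freed). */
static struct mb *model_pullup(struct mb *m, int len) {
    if (gather(m, len)) return m;
    mb_freem(m); return NULL;
}
/* pulldown convention: the result holds the region and need not be the head. */
static struct mb *model_pulldown(struct mb *m, int off, int len) {
    struct mb *n = m, *o;
    while (n && off >= n->len) { off -= n->len; n = n->next; }
    if (n && off == 0 && len <= n->len) return n;        /* already contiguous */
    if (!n) { mb_freem(m); return NULL; }
    o = mb_new(n->buf + off, n->len - off, n->next);      /* split n at off */
    n->len = off; n->next = o;
    if (gather(o, len)) return o;
    mb_freem(m); return NULL;
}
/* Constructed input: 4-byte head + 8-byte mbuf; ask for 8 bytes at offset 0. */
int demo(int use_pulldown, int *ret_is_head, int *head_len) {
    struct mb *head = mb_new("ABCD", 4, mb_new("EFGHIJKL", 8, NULL));
    struct mb *r = use_pulldown ? model_pulldown(head, 0, 8) : model_pullup(head, 8);
    if (r == NULL) return -1;                     /* chain was freed for us */
    *ret_is_head = (r == head); *head_len = head->len;
    int ok = memcmp(r->buf, "ABCDEFGH", 8) == 0;  /* region contiguous in r? */
    mb_freem(head);
    return ok;
}
int main(void) { int h, l; return demo(1, &h, &l) == 1 && !h && l == 0 ? 0 : 1; }
```

In the pulldown case the returned mbuf is not the head and the head is left with length 0, so assigning the result to the head pointer drops the head, and keeping the head pointer alone does not give contiguous data.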