Subject: kern/4190: if_de and bpf can cause kernel panic
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Scheler <tron@lyssa.owl.de>
List: netbsd-bugs
Date: 09/30/1997 01:55:27
>Number: 4190
>Category: kern
>Synopsis: if_de and bpf can cause kernel panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 29 17:05:01 1997
>Last-Modified:
>Originator: Matthias Scheler
>Organization:
Mario Kemper Maintenace Project
>Release: 970923
>Environment:
NetBSD colwyn 1.2G NetBSD 1.2G (COLWYN) #1: Tue Sep 30 01:36:42 MEST 1997 tron@colwyn:/home/src/sys/arch/i386/compile/COLWYN i386
>Description:
Under certain conditions "if_de.c" calls bpf_mtap() with a null pointer
as argument for "struct mbuf *m". Because other network interface drivers
seem to share this problem, a NULL pointer check in bpf_mtap() is IMHO
the best solution.
>How-To-Repeat:
Boot a system with two unplugged DEC 21x4x based ethernet cards and start
"dhcpd" via "/etc/rc". The system will panic with a VM fault in "m_xhalf".
>Fix:
*** src/sys/net/bpf.c.orig Mon Mar 17 13:33:08 1997
--- src/sys/net/bpf.c Tue Sep 30 01:36:13 1997
*************** bpf_mtap(arg, m)
*** 1075,1080 ****
--- 1075,1082 ----
size_t pktlen, slen;
struct mbuf *m0;
+ if (m == 0) return;
+
pktlen = 0;
for (m0 = m; m0 != 0; m0 = m0->m_next)
pktlen += m0->m_len;
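Review bot: the new "if (m == 0) return;" at the top of bpf_mtap() returns silently, so the caller-side defect described in the report (if_de.c passing a null "struct mbuf *m") stays hidden once this is applied. The length loop directly below already terminates cleanly when m is 0 and leaves pktlen at 0, so the guard protects only the code that runs after it; keeping the guard is reasonable, but the call in if_de.c should be fixed as well, or the early return should at least emit a diagnostic so the offending driver remains identifiable. Style: put the return on its own line and add a short comment saying why a null mbuf can arrive here.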
>Audit-Trail:
>Unformatted: