Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()

To: gnats-bugs%netbsd.org@localhost
Subject: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
From: Guy Harris <guy%alum.mit.edu@localhost>
Date: Wed, 21 Apr 2010 02:12:12 -0700

On Apr 21, 2010, at 1:45 AM, Martin Husemann wrote:

> The following reply was made to PR kern/43185; it has been noted by GNATS.
> 
> From: Martin Husemann <martin%duskware.de@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: 
> Subject: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use 
> BPF_SRC()
> Date: Wed, 21 Apr 2010 10:41:31 +0200
> 
> Yeah, that looks correct. Do you happen to have a test case demonstrating
> the failure?

I don't have a NetBSD VM on which to try this, and I'm not sure why I'm not 
getting a crash on my OpenBSD 4.2 VM (OpenBSD has the same bug), but a live 
tcpdump capture with a filter of "link[0:4]/0 = 2" *should* get the filter 
rejected:

(000) ld       [0]
(001) div      #0
(002) jeq      #0x2             jt 3    jf 4
(003) ret      #65535
(004) ret      #0

but it doesn't (at least not on OpenBSD 4.2 - the NetBSD bpf_validate() has the 
same code).

Follow-Ups:
- Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
  - From: Guy Harris

References:
- Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
  - From: Martin Husemann

Prev by Date: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Next by Date: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Previous by Thread: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Next by Thread: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()
Indexes:

Home | Main Index | Thread Index | Old Index