Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-8]: src/sys/net Pull up following revision(s) (requested by maxv ...



details:   https://anonhg.NetBSD.org/src/rev/bc531a1a0121
branches:  netbsd-8
changeset: 434534:bc531a1a0121
user:      snj <snj%NetBSD.org@localhost>
date:      Tue Jan 09 19:23:04 2018 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #480):
        sys/net/if_ethersubr.c: revision 1.249
Make sure we have an llc structure in the packet, and don't read past the
end of the mbuf if we don't. I'm wondering whether we should not pull up
instead, but whatever.

diffstat:

 sys/net/if_ethersubr.c |  9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diffs (38 lines):

diff -r 702ec2516d3e -r bc531a1a0121 sys/net/if_ethersubr.c
--- a/sys/net/if_ethersubr.c    Tue Jan 09 19:20:17 2018 +0000
+++ b/sys/net/if_ethersubr.c    Tue Jan 09 19:23:04 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_ethersubr.c,v 1.242.6.2 2018/01/02 10:20:33 snj Exp $       */
+/*     $NetBSD: if_ethersubr.c,v 1.242.6.3 2018/01/09 19:23:04 snj Exp $       */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.2 2018/01/02 10:20:33 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.242.6.3 2018/01/09 19:23:04 snj Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -833,6 +833,9 @@
                }
        } else {
 #if defined (LLC) || defined (NETATALK)
+               if (m->m_len < ehlen + sizeof(struct llc)) {
+                       goto dropanyway;
+               }
                l = (struct llc *)(eh+1);
                switch (l->llc_dsap) {
 #ifdef NETATALK
@@ -869,8 +872,8 @@
                                goto dropanyway;
                        }
                        break;
+#endif
                dropanyway:
-#endif
                default:
                        m_freem(m);
                        return;



Home | Main Index | Thread Index | Old Index