[src/netbsd-9]: src/sys/net Pull up following revision(s) (requested by maxv ...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7e223c6166c0
branches:  netbsd-9
changeset: 455405:7e223c6166c0
user:      martin <martin%NetBSD.org@localhost>
date:      Wed Oct 16 09:46:55 2019 +0000

description:
Pull up following revision(s) (requested by maxv in ticket #335):

        sys/net/bpf.c: revision 1.230
        sys/net/bpf.c: revision 1.231

Add KASSERT to catch bugs. Something tells me it could easily fire.

 -

As I suspected, the KASSERT I added yesterday can fire if we try to process
zero-sized packets. Skip them to prevent a type confusion that can trigger
random page faults later.

diffstat:

 sys/net/bpf.c |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (35 lines):

diff -r d2e0dd246d51 -r 7e223c6166c0 sys/net/bpf.c
--- a/sys/net/bpf.c     Tue Oct 15 19:44:45 2019 +0000
+++ b/sys/net/bpf.c     Wed Oct 16 09:46:55 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $   */
+/*     $NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $     */
 
 /*
  * Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229 2019/07/10 17:55:33 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.229.2.1 2019/10/16 09:46:55 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_bpf.h"
@@ -1676,10 +1676,16 @@
 
        pktlen = m_length(m);
 
+       /* Skip zero-sized packets. */
+       if (__predict_false(pktlen == 0)) {
+               return;
+       }
+
        if (pktlen == m->m_len) {
                cpfn = (void *)memcpy;
                marg = mtod(m, void *);
                buflen = pktlen;
+               KASSERT(buflen != 0);
        } else {
                cpfn = bpf_mcpy;
                marg = m;