Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/dev/usb Add a check in smsc_tx_prepare for the mbuf bein...
details: https://anonhg.NetBSD.org/src/rev/ea6ae22e32f6
branches: trunk
changeset: 458803:ea6ae22e32f6
user: skrll <skrll%NetBSD.org@localhost>
date: Sun Aug 11 06:54:14 2019 +0000
description:
Add a check in smsc_tx_prepare for the mbuf being too big. Discussed
with mrg@
diffstat:
sys/dev/usb/if_smsc.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diffs (42 lines):
diff -r bb1e43583354 -r ea6ae22e32f6 sys/dev/usb/if_smsc.c
--- a/sys/dev/usb/if_smsc.c Sun Aug 11 06:49:31 2019 +0000
+++ b/sys/dev/usb/if_smsc.c Sun Aug 11 06:54:14 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_smsc.c,v 1.51 2019/08/10 02:17:36 mrg Exp $ */
+/* $NetBSD: if_smsc.c,v 1.52 2019/08/11 06:54:14 skrll Exp $ */
/* $OpenBSD: if_smsc.c,v 1.4 2012/09/27 12:38:11 jsg Exp $ */
/* $FreeBSD: src/sys/dev/usb/net/if_smsc.c,v 1.1 2012/08/15 04:03:55 gonzo Exp $ */
@@ -61,7 +61,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_smsc.c,v 1.51 2019/08/10 02:17:36 mrg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_smsc.c,v 1.52 2019/08/11 06:54:14 skrll Exp $");
#ifdef _KERNEL_OPT
#include "opt_usb.h"
@@ -1048,6 +1048,11 @@
usbnet_isowned_tx(un);
+ const size_t hdrsz = sizeof(txhdr) * 2;
+
+ if ((unsigned)m->m_pkthdr.len > un->un_tx_bufsz - hdrsz)
+ return 0;
+
/*
* Each frame is prefixed with two 32-bit values describing the
* length of the packet and buffer.
@@ -1059,9 +1064,9 @@
txhdr = SMSC_TX_CTRL_1_PKT_LENGTH(m->m_pkthdr.len);
txhdr = htole32(txhdr);
- memcpy(c->unc_buf + 4, &txhdr, sizeof(txhdr));
+ memcpy(c->unc_buf + sizeof(txhdr), &txhdr, sizeof(txhdr));
- frm_len += 8;
+ frm_len += hdrsz;
/* Next copy in the actual packet */
m_copydata(m, 0, m->m_pkthdr.len, c->unc_buf + frm_len);
Home |
Main Index |
Thread Index |
Old Index