[src/trunk]: src/sys/net correct tcp header chasing in pp_fastq processing. s...

[itojun <itojun%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/56e2bbbdff25
branches:  trunk
changeset: 533661:56e2bbbdff25
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sat Jul 06 18:33:45 2002 +0000

description:
correct tcp header chasing in pp_fastq processing. should fix kern/17491.

diffstat:

 sys/net/if_spppsubr.c |  39 ++++++++++++++++++++++-----------------
 1 files changed, 22 insertions(+), 17 deletions(-)

diffs (76 lines):

diff -r d650beea9eaf -r 56e2bbbdff25 sys/net/if_spppsubr.c
--- a/sys/net/if_spppsubr.c     Sat Jul 06 18:21:43 2002 +0000
+++ b/sys/net/if_spppsubr.c     Sat Jul 06 18:33:45 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_spppsubr.c,v 1.47 2002/05/29 01:38:46 itojun Exp $   */
+/*     $NetBSD: if_spppsubr.c,v 1.48 2002/07/06 18:33:45 itojun Exp $   */
 
 /*
  * Synchronous PPP/Cisco link level subroutines.
@@ -28,7 +28,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.47 2002/05/29 01:38:46 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_spppsubr.c,v 1.48 2002/07/06 18:33:45 itojun Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipx.h"
@@ -707,11 +707,20 @@
        IFQ_CLASSIFY(&ifp->if_snd, m, dst->sa_family, &pktattr);
 
 #ifdef INET
-       if (dst->sa_family == AF_INET)
-       {
-               /* Check mbuf length here??? */
-               struct ip *ip = mtod (m, struct ip*);
-               struct tcphdr *tcp = (struct tcphdr*) ((int32_t*)ip + ip->ip_hl);
+       if (dst->sa_family == AF_INET) {
+               struct ip *ip = NULL;
+               struct tcphdr *th = NULL;
+
+               if (m->m_len >= sizeof(struct ip)) {
+                       ip = mtod (m, struct ip*);
+                       if (ip->ip_p == IPPROTO_TCP &&
+                           m->m_len >= sizeof(struct ip) + (ip->ip_hl << 2) +
+                           sizeof(struct tcphdr)) {
+                               th = (struct tcphdr *)
+                                   ((caddr_t)ip + (ip->ip_hl << 2));
+                       }
+               } else
+                       ip = NULL;
 
                /*
                 * When using dynamic local IP address assignment by using
@@ -723,12 +732,10 @@
                 * - don't let packets with src ip addr 0 thru
                 * - we flag TCP packets with src ip 0 as an error
                 */     
-
-               if(ip->ip_src.s_addr == INADDR_ANY)     /* -hm */
-               {
+               if (ip && ip->ip_src.s_addr == INADDR_ANY) {
                        m_freem(m);
                        splx(s);
-                       if(ip->ip_p == IPPROTO_TCP)
+                       if (ip->ip_p == IPPROTO_TCP)
                                return(EADDRNOTAVAIL);
                        else
                                return(0);
@@ -739,12 +746,10 @@
                 * in front of the queue.
                 */
                 
-               if (! IF_QFULL (&sp->pp_fastq) &&
-                   ((ip->ip_tos & IPTOS_LOWDELAY) ||
-                   ((ip->ip_p == IPPROTO_TCP &&
-                   m->m_len >= sizeof (struct ip) + sizeof (struct tcphdr) &&
-                   (INTERACTIVE (ntohs (tcp->th_sport)))) ||
-                   INTERACTIVE (ntohs (tcp->th_dport)))))
+               if (!IF_QFULL(&sp->pp_fastq) &&
+                   ((ip && (ip->ip_tos & IPTOS_LOWDELAY)) ||
+                    (th && (INTERACTIVE(ntohs(th->th_sport)) ||
+                     INTERACTIVE(ntohs(th->th_dport))))))
                        ifq = &sp->pp_fastq;
        }
 #endif