Source-Changes-HG archive


[src/netbsd-3-0]: src/sys/net Pull up revision 1.88 via patch (requested by m...



details:   https://anonhg.NetBSD.org/src/rev/efa785aef95d
branches:  netbsd-3-0
changeset: 579491:efa785aef95d
user:      jdc <jdc%NetBSD.org@localhost>
date:      Fri Aug 08 15:05:59 2008 +0000

description:
Pull up revision 1.88 via patch (requested by martin in ticket #1953).

Apply patch from Yasuoka Masahiko in PR kern/39321: fix length check
when parsing pppoe discovery phase packets.

diffstat:

 sys/net/if_pppoe.c |  9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diffs (37 lines):

diff -r 4a98b86b3757 -r efa785aef95d sys/net/if_pppoe.c
--- a/sys/net/if_pppoe.c        Thu Jul 24 22:21:51 2008 +0000
+++ b/sys/net/if_pppoe.c        Fri Aug 08 15:05:59 2008 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.59.4.1 2006/11/19 17:52:18 bouyer Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.59.4.2 2008/08/08 15:05:59 jdc Exp $ */
 
 /*-
  * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.59.4.1 2006/11/19 17:52:18 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.59.4.2 2008/08/08 15:05:59 jdc Exp $");
 
 #include "pppoe.h"
 #include "bpfilter.h"
@@ -490,7 +490,7 @@
                pt = (struct pppoetag *)(mtod(n, caddr_t) + noff);
                tag = ntohs(pt->tag);
                len = ntohs(pt->len);
-               if (off + len > m->m_pkthdr.len) {
+               if (off + len + sizeof(*pt) > m->m_pkthdr.len) {
                        printf("pppoe: tag 0x%x len 0x%x is too long\n",
                            tag, len);
                        goto done;
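Review bot: The new bound `off + len + sizeof(*pt) > m->m_pkthdr.len` mixes a `size_t` term into the sum, so the comparison against `m->m_pkthdr.len` is now carried out unsigned. The declarations of `off` and `len` are outside this hunk, so please confirm that neither can be negative at this point, otherwise the conversion could turn a bad value into one that passes or fails for the wrong reason. A one-line comment above the check saying that `off` is the offset of the tag header, so header plus payload must both fit inside the packet, would also make the intent clear to the next reader. Separately, `pt->tag` and `pt->len` are read before this check runs; the code that guarantees the tag header itself lies within the mbuf data is not visible here and is worth pointing to in the review.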
@@ -699,7 +699,8 @@
        }
 
 done:
-       m_freem(m);
+       if (m)
+               m_freem(m);
        return;
 }
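Review bot: The `if (m)` guard at `done:` is not covered by the commit message, which mentions only the length check, and the path that can arrive here with `m` already NULL is outside the visible lines. Please name that path in the log message or in a short comment at the label, and confirm that it sets `m = NULL` before `goto done`; the guard prevents a NULL dereference in `m_freem(m)` but does nothing against a double free if a consumed mbuf pointer is left stale.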
 


