[src/trunk]: src/sys/net Apply same bounds checks for BPF_LD|BPF_B|BPF_IND as...

[alnsn <alnsn%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/442172c7a06d
branches:  trunk
changeset: 772321:442172c7a06d
user:      alnsn <alnsn%NetBSD.org@localhost>
date:      Thu Dec 29 23:47:21 2011 +0000

description:
Apply same bounds checks for BPF_LD|BPF_B|BPF_IND as for
BPF_LD|BPF_H|BPF_IND and BPF_LD|BPF_W|BPF_IND.

>From FreeBSD r48548, the original r45574 had a typo.

diffstat:

 sys/net/bpf_filter.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r e1714e93e94b -r 442172c7a06d sys/net/bpf_filter.c
--- a/sys/net/bpf_filter.c      Thu Dec 29 22:58:27 2011 +0000
+++ b/sys/net/bpf_filter.c      Thu Dec 29 23:47:21 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $ */
+/*     $NetBSD: bpf_filter.c,v 1.50 2011/12/29 23:47:21 alnsn Exp $    */
 
 /*-
  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.50 2011/12/29 23:47:21 alnsn Exp $");
 
 #if 0
 #if !(defined(lint) || defined(KERNEL))
@@ -274,7 +274,7 @@
 
                case BPF_LD|BPF_B|BPF_IND:
                        k = X + pc->k;
-                       if (k >= buflen) {
+                       if (pc->k >= buflen || X >= buflen - pc->k) {
 #ifdef _KERNEL
                                const struct mbuf *m;
                                int len;