[src/bouyer-socketcan]: src/sys/netcan more sanity checks on the mbuf we get.

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/59ce0275fe0a
branches:  bouyer-socketcan
changeset: 820827:59ce0275fe0a
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Sun Feb 05 19:44:53 2017 +0000

description:
more sanity checks on the mbuf we get.

diffstat:

 sys/netcan/can.c     |  11 +++++++++--
 sys/netcan/can_pcb.c |   7 +++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diffs (60 lines):

diff -r ba7d49ac0a5f -r 59ce0275fe0a sys/netcan/can.c
--- a/sys/netcan/can.c  Sun Feb 05 17:37:10 2017 +0000
+++ b/sys/netcan/can.c  Sun Feb 05 19:44:53 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: can.c,v 1.1.2.5 2017/02/05 17:37:10 bouyer Exp $       */
+/*     $NetBSD: can.c,v 1.1.2.6 2017/02/05 19:44:53 bouyer Exp $       */
 
 /*-
  * Copyright (c) 2003, 2017 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: can.c,v 1.1.2.5 2017/02/05 17:37:10 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: can.c,v 1.1.2.6 2017/02/05 19:44:53 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -493,6 +493,13 @@
        if (control && control->m_len) {
                return EINVAL;
        }
+       if (m->m_len > sizeof(struct can_frame) ||
+          m->m_len < offsetof(struct can_frame, can_dlc))
+               return EINVAL;
+
+       /* we expect all data in the first mbuf */
+       KASSERT((m->m_flags & M_PKTHDR) != 0);
+       KASSERT(m->m_len == m->m_pkthdr.len);
 
        if (nam) {
                if ((so->so_state & SS_ISCONNECTED) != 0) {
diff -r ba7d49ac0a5f -r 59ce0275fe0a sys/netcan/can_pcb.c
--- a/sys/netcan/can_pcb.c      Sun Feb 05 17:37:10 2017 +0000
+++ b/sys/netcan/can_pcb.c      Sun Feb 05 19:44:53 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: can_pcb.c,v 1.1.2.2 2017/02/05 10:56:12 bouyer Exp $   */
+/*     $NetBSD: can_pcb.c,v 1.1.2.3 2017/02/05 19:44:53 bouyer Exp $   */
 
 /*-
  * Copyright (c) 2003, 2017 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: can_pcb.c,v 1.1.2.2 2017/02/05 10:56:12 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: can_pcb.c,v 1.1.2.3 2017/02/05 19:44:53 bouyer Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -332,6 +332,9 @@
        struct can_frame *fmp;
        struct can_filter *fip;
 
+       KASSERT((m->m_flags & M_PKTHDR) != 0);
+       KASSERT(m->m_len == m->m_pkthdr.len);
+
        fmp = mtod(m, struct can_frame *);
        for (i = 0; i < canp->canp_nfilters; i++) {
                fip = &canp->canp_filters[i];