Source-Changes-HG archive
[src/trunk]: src/sys/net Loads at offsets UINT32_MAX or greater are unreachable.
details: https://anonhg.NetBSD.org/src/rev/11c03046841e
branches: trunk
changeset: 329428:11c03046841e
user: alnsn <alnsn%NetBSD.org@localhost>
date: Fri May 23 19:51:16 2014 +0000
description:
Loads at offsets UINT32_MAX or greater are unreachable.
diffstat:
sys/net/bpfjit.c | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diffs (39 lines):
diff -r 61c49406c22b -r 11c03046841e sys/net/bpfjit.c
--- a/sys/net/bpfjit.c Fri May 23 19:35:24 2014 +0000
+++ b/sys/net/bpfjit.c Fri May 23 19:51:16 2014 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bpfjit.c,v 1.9 2014/05/23 19:11:22 alnsn Exp $ */
+/* $NetBSD: bpfjit.c,v 1.10 2014/05/23 19:51:16 alnsn Exp $ */
/*-
* Copyright (c) 2011-2014 Alexander Nasonov.
@@ -31,9 +31,9 @@
#include <sys/cdefs.h>
#ifdef _KERNEL
-__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.9 2014/05/23 19:11:22 alnsn Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpfjit.c,v 1.10 2014/05/23 19:51:16 alnsn Exp $");
#else
-__RCSID("$NetBSD: bpfjit.c,v 1.9 2014/05/23 19:11:22 alnsn Exp $");
+__RCSID("$NetBSD: bpfjit.c,v 1.10 2014/05/23 19:51:16 alnsn Exp $");
#endif
#include <sys/types.h>
@@ -945,6 +945,7 @@
struct bpfjit_jump *jtf;
size_t i;
uint32_t jt, jf;
+ bpfjit_abc_length_t length;
bpfjit_init_mask_t invalid; /* borrowed from bpf_filter() */
bool unreachable;
@@ -964,6 +965,9 @@
invalid |= insn_dat[i].invalid;
+ if (read_pkt_insn(&insns[i], &length) && length > UINT32_MAX)
+ unreachable = true;
+
switch (BPF_CLASS(insns[i].code)) {
case BPF_RET:
if (BPF_RVAL(insns[i].code) == BPF_A)
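Review bot: The new condition `length > UINT32_MAX`, placed before the `switch`, is strict, while the commit description says "offsets UINT32_MAX or greater"; the two agree only if `length` is something other than the bare offset (for example offset plus access width). A short comment above the `if` stating what `read_pkt_insn()` stores in `length` would let a reader verify the boundary. The comparison can also only be true if `bpfjit_abc_length_t` is wider than 32 bits, and the typedef is not visible in this diff, so it is worth confirming that, or adding a compile-time assertion next to the typedef, so that the check does not silently become dead code. Finally, `length` is declared without an initializer and is read only because `&&` short-circuits on a false return, so `read_pkt_insn()` needs to write it on every path that returns true.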