[src/trunk]: src/sys/net PR/45751: Alexander Nasonov: No overflow check in BP...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/net PR/45751: Alexander Nasonov: No overflow check in BP...
From: christos <christos%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 21:53:55 +0000

details:   https://anonhg.NetBSD.org/src/rev/82bf30aae670
branches:  trunk
changeset: 772317:82bf30aae670
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Dec 29 20:50:06 2011 +0000

description:
PR/45751: Alexander Nasonov: No overflow check in BPF_LD|BPF_ABS

diffstat:

 sys/net/bpf_filter.c |  14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diffs (56 lines):

diff -r 5e4d4bf8ce03 -r 82bf30aae670 sys/net/bpf_filter.c
--- a/sys/net/bpf_filter.c      Thu Dec 29 20:14:39 2011 +0000
+++ b/sys/net/bpf_filter.c      Thu Dec 29 20:50:06 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bpf_filter.c,v 1.48 2011/07/14 12:44:10 drochner Exp $ */
+/*     $NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $ */
 
 /*-
  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.48 2011/07/14 12:44:10 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.49 2011/12/29 20:50:06 christos Exp $");
 
 #if 0
 #if !(defined(lint) || defined(KERNEL))
@@ -168,7 +168,7 @@
 
                case BPF_LD|BPF_W|BPF_ABS:
                        k = pc->k;
-                       if (k + sizeof(int32_t) > buflen) {
+                       if (k > buflen || sizeof(int32_t) > buflen - k) {
 #ifdef _KERNEL
                                int merr = 0;   /* XXX: GCC */
 
@@ -187,7 +187,7 @@
 
                case BPF_LD|BPF_H|BPF_ABS:
                        k = pc->k;
-                       if (k + sizeof(int16_t) > buflen) {
+                       if (k > buflen || sizeof(int16_t) > buflen - k) {
 #ifdef _KERNEL
                                int merr;
 
@@ -234,7 +234,8 @@
 
                case BPF_LD|BPF_W|BPF_IND:
                        k = X + pc->k;
-                       if (k + sizeof(int32_t) > buflen) {
+                       if (pc->k > buflen || X > buflen - pc->k ||
+                           sizeof(int32_t) > buflen - k) {
 #ifdef _KERNEL
                                int merr = 0;   /* XXX: GCC */
 
@@ -253,7 +254,8 @@
 
                case BPF_LD|BPF_H|BPF_IND:
                        k = X + pc->k;
-                       if (k + sizeof(int16_t) > buflen) {
+                       if (pc->k > buflen || X > buflen - pc->k ||
+                           sizeof(int16_t) > buflen - k) {
 #ifdef _KERNEL
                                int merr = 0;   /* XXX: GCC */

Prev by Date: [src/trunk]: src/sys/dev/pci finish device_t-ification
Next by Date: [src/trunk]: src/sys/arch/hppa/hppa No need for sync_caches - f[di]cache alre...
Previous by Thread: [src/trunk]: src/sys/dev/pci finish device_t-ification
Next by Thread: [src/trunk]: src/sys/arch/hppa/hppa No need for sync_caches - f[di]cache alre...
Indexes:

Home | Main Index | Thread Index | Old Index