author | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-29 23:02:53 +0000 |
---|---|---|
committer | Jun-ichiro itojun Hagino <itojun@cvs.openbsd.org> | 2003-07-29 23:02:53 +0000 |
commit | 8cf6c14ab466f2ab0418b40dc8f200016ceb36a0 (patch) | |
tree | 6e88fb7c4a4927d7cefd8d0fc50ac9d6b33dcaa7 | |
parent | e81bb42d5be782a9eda9f3e77ed811b0d7b34691 (diff) |
avoid stack smash on FDDI case. found by kernel propolice.
markus ok. miod/paul confirmed
-rw-r--r-- | sys/net/bpf.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 0efa7aa8b6d..f2e09c84d78 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bpf.c,v 1.36 2003/06/18 22:47:54 henning Exp $ */
+/* $OpenBSD: bpf.c,v 1.37 2003/07/29 23:02:52 itojun Exp $ */
 /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */
 /*
@@ -489,7 +489,7 @@ bpfwrite(dev, uio, ioflag)
 struct ifnet *ifp;
 struct mbuf *m;
 int error, s;
- struct sockaddr dst;
+ struct sockaddr_storage dst;
 if (d->bd_bif == 0)
 return (ENXIO);
@@ -499,7 +499,8 @@ bpfwrite(dev, uio, ioflag)
 if (uio->uio_resid == 0)
 return (0);
- error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst);
+ error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m,
+ (struct sockaddr *)&dst);
 if (error)
 return (error);
@@ -509,10 +510,11 @@ bpfwrite(dev, uio, ioflag)
 }
 if (d->bd_hdrcmplt)
- dst.sa_family = pseudo_AF_HDRCMPLT;
+ dst.ss_family = pseudo_AF_HDRCMPLT;
 s = splsoftnet();
- error = (*ifp->if_output)(ifp, m, &dst, (struct rtentry *)0);
+ error = (*ifp->if_output)(ifp, m, (struct sockaddr *)&dst,
+ (struct rtentry *)0);
 splx(s);
 /*
 * The driver frees the mbuf.
|
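Review bot: The new `struct sockaddr_storage dst;` in bpfwrite() is still an uninitialized stack object, and nothing in this diff shows which of its bytes bpf_movein() writes, so if_output may be handed stale stack contents in the part that was not filled. Clearing it before the call with `bzero(&dst, sizeof(dst));` would make what the driver sees deterministic. The declaration also deserves a comment recording why the wider type is required, for example `/* storage-sized: bpf_movein() can copy a link header longer than sa_data (FDDI) */`, so a later cleanup does not narrow it back to `struct sockaddr`. bpfwrite() starts and ends outside this hunk.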
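Review bot: The cast `(struct sockaddr *)&dst` at the bpf_movein() call hides the destination size from the callee, so the overwrite is avoided only because the caller's buffer is now large enough, not because the copy is bounded. bpf_movein() is not part of this diff, so this is inferred from the commit message: if it copies a per-DLT header length into `sa_data`, it should reject a length that does not fit, for example `if (hlen > sizeof(struct sockaddr_storage) - offsetof(struct sockaddr, sa_data)) return (EINVAL);` with `hlen` standing for whatever that function calls the header length. Alternatively the caller could pass `sizeof(dst)` as an extra argument. Either way a link type added later with a longer header fails cleanly instead of writing past `dst` again.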