diff options
| author | Otto Moerbeek <otto@cvs.openbsd.org> | 2014-09-19 11:43:32 +0000 |
|---|---|---|
| committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2014-09-19 11:43:32 +0000 |
| commit | 6d8dc39592d632a89f7eabce1482c43c99d15567 (patch) | |
| tree | 8468ee2fa8728820760b3279861ac7f86308c164 | |
| parent | b438a44a34b569f3c9ab9479e5dcadd0fa9cd0f1 (diff) | |
better boundchecks in validation; from Guy Harris; ok millert@ dlg@
| -rw-r--r-- | sys/net/bpf_filter.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/sys/net/bpf_filter.c b/sys/net/bpf_filter.c index 72c2d3e0ac2..755e4a5a794 100644 --- a/sys/net/bpf_filter.c +++ b/sys/net/bpf_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf_filter.c,v 1.25 2014/09/18 10:44:37 dlg Exp $ */ +/* $OpenBSD: bpf_filter.c,v 1.26 2014/09/19 11:43:31 otto Exp $ */ /* $NetBSD: bpf_filter.c,v 1.12 1996/02/13 22:00:00 christos Exp $ */ /* @@ -181,7 +181,7 @@ bpf_filter(struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) case BPF_LD|BPF_W|BPF_ABS: k = pc->k; - if (k + sizeof(int32_t) > buflen) { + if (k > buflen || sizeof(int32_t) > buflen - k) { #ifdef _KERNEL int merr; @@ -200,7 +200,7 @@ bpf_filter(struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) case BPF_LD|BPF_H|BPF_ABS: k = pc->k; - if (k + sizeof(int16_t) > buflen) { + if (k > buflen || sizeof(int16_t) > buflen - k) { #ifdef _KERNEL int merr; @@ -247,7 +247,7 @@ bpf_filter(struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) case BPF_LD|BPF_W|BPF_IND: k = X + pc->k; - if (k + sizeof(int32_t) > buflen) { + if (k > buflen || sizeof(int32_t) > buflen - k) { #ifdef _KERNEL int merr; @@ -266,7 +266,7 @@ bpf_filter(struct bpf_insn *pc, u_char *p, u_int wirelen, u_int buflen) case BPF_LD|BPF_H|BPF_IND: k = X + pc->k; - if (k + sizeof(int16_t) > buflen) { + if (k > buflen || sizeof(int16_t) > buflen - k) { #ifdef _KERNEL int merr; |