diff options
| author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2017-04-18 13:44:04 +0000 |
|---|---|---|
| committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2017-04-18 13:44:04 +0000 |
| commit | 31af2377376fa904ea43f064ba031c5a8413325f (patch) | |
| tree | 2ed48a4661b9b48bc9a59181b0a45bb5fdd1787e /sbin | |
| parent | 0abf541cb35a61bbd67f2e5fe3f2e70c195c9778 (diff) | |
After 11 years of pondering about it I think that brookdavis@freebsd.org
had it correct. Don't BPF_WORDALIGN() the value for the number of
bytes read() into the buffer. This could theoretically cause the
processing of 1 - 3 more bytes than were read.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/dhclient/bpf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/dhclient/bpf.c b/sbin/dhclient/bpf.c index bd0463dfab1..03a56e8a444 100644 --- a/sbin/dhclient/bpf.c +++ b/sbin/dhclient/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.47 2017/02/12 15:53:15 krw Exp $ */ +/* $OpenBSD: bpf.c,v 1.48 2017/04/18 13:44:03 krw Exp $ */ /* BPF socket interface code, originally contributed by Archie Cobbs. */ @@ -350,12 +350,12 @@ receive_packet(struct interface_info *ifi, struct sockaddr_in *from, */ do { /* If the buffer is empty, fill it. */ - if (ifi->rbuf_offset == ifi->rbuf_len) { + if (ifi->rbuf_offset >= ifi->rbuf_len) { length = read(ifi->bfdesc, ifi->rbuf, ifi->rbuf_max); if (length <= 0) return (length); ifi->rbuf_offset = 0; - ifi->rbuf_len = BPF_WORDALIGN(length); + ifi->rbuf_len = length; } /* |