diff options
| author | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2016-10-11 11:40:13 +0000 |
|---|---|---|
| committer | Mike Belopuhov <mikeb@cvs.openbsd.org> | 2016-10-11 11:40:13 +0000 |
| commit | 14b61fa386500850d6df6ed4603d4abd2c4f2641 (patch) | |
| tree | c3e46a8811325a0c5ae38cad11357d65068ed8fe /sys | |
| parent | b3d5caf0924495bb61ff8f3aed127032d86df822 (diff) | |
Strengthen Ethernet packet length checks on input; ok dlg
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/if_ethersubr.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 185c23e2f6b..56376f2020c 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.240 2016/10/10 02:44:17 dlg Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.241 2016/10/11 11:40:12 mikeb Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -319,6 +319,10 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie) struct ether_header *eh_tmp; #endif + /* Drop short frames */ + if (m->m_len < ETHER_HDR_LEN) + goto dropanyway; + ac = (struct arpcom *)ifp; eh = mtod(m, struct ether_header *); m_adj(m, ETHER_HDR_LEN); @@ -435,7 +439,8 @@ decapsulate: return (1); #endif default: - if (llcfound || etype > ETHERMTU) + if (llcfound || etype > ETHERMTU || + m->m_len < sizeof(struct llc)) goto dropanyway; llcfound = 1; l = mtod(m, struct llc *); |