From 14b61fa386500850d6df6ed4603d4abd2c4f2641 Mon Sep 17 00:00:00 2001 From: Mike Belopuhov Date: Tue, 11 Oct 2016 11:40:13 +0000 Subject: Strengthen Ethernet packet length checks on input; ok dlg --- sys/net/if_ethersubr.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'sys') diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c index 185c23e2f6b..56376f2020c 100644 --- a/sys/net/if_ethersubr.c +++ b/sys/net/if_ethersubr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_ethersubr.c,v 1.240 2016/10/10 02:44:17 dlg Exp $ */ +/* $OpenBSD: if_ethersubr.c,v 1.241 2016/10/11 11:40:12 mikeb Exp $ */ /* $NetBSD: if_ethersubr.c,v 1.19 1996/05/07 02:40:30 thorpej Exp $ */ /* @@ -319,6 +319,10 @@ ether_input(struct ifnet *ifp, struct mbuf *m, void *cookie) struct ether_header *eh_tmp; #endif + /* Drop short frames */ + if (m->m_len < ETHER_HDR_LEN) + goto dropanyway; + ac = (struct arpcom *)ifp; eh = mtod(m, struct ether_header *); m_adj(m, ETHER_HDR_LEN); @@ -435,7 +439,8 @@ decapsulate: return (1); #endif default: - if (llcfound || etype > ETHERMTU) + if (llcfound || etype > ETHERMTU || + m->m_len < sizeof(struct llc)) goto dropanyway; llcfound = 1; l = mtod(m, struct llc *); -- cgit v1.2.3