From owner-svn-src-all@FreeBSD.ORG Thu Oct 15 20:15:29 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C5904106566C; Thu, 15 Oct 2009 20:15:29 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9BD458FC1C; Thu, 15 Oct 2009 20:15:29 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n9FKFTXN083520; Thu, 15 Oct 2009 20:15:29 GMT (envelope-from thompsa@svn.freebsd.org) Received: (from thompsa@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n9FKFTEQ083518; Thu, 15 Oct 2009 20:15:29 GMT (envelope-from thompsa@svn.freebsd.org) Message-Id: <200910152015.n9FKFTEQ083518@svn.freebsd.org> From: Andrew Thompson Date: Thu, 15 Oct 2009 20:15:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r198153 - head/sys/dev/usb/net X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Oct 2009 20:15:29 -0000 Author: thompsa Date: Thu Oct 15 20:15:29 2009 New Revision: 198153 URL: http://svn.freebsd.org/changeset/base/198153 Log: Correct offset calcluation for the NCM implementation. Submitted by: HPS Modified: head/sys/dev/usb/net/if_cdce.c Modified: head/sys/dev/usb/net/if_cdce.c ============================================================================== --- head/sys/dev/usb/net/if_cdce.c Thu Oct 15 20:09:27 2009 (r198152) +++ head/sys/dev/usb/net/if_cdce.c Thu Oct 15 20:15:29 2009 (r198153) @@ -1088,7 +1088,7 @@ cdce_ncm_fill_tx_frames(struct usb_xfer sc->sc_ncm.hdr.dwSignature[2] = 'M'; sc->sc_ncm.hdr.dwSignature[3] = 'H'; USETW(sc->sc_ncm.hdr.wHeaderLength, sizeof(sc->sc_ncm.hdr)); - USETW(sc->sc_ncm.hdr.wBlockLength, offset); + USETW(sc->sc_ncm.hdr.wBlockLength, last_offset); USETW(sc->sc_ncm.hdr.wSequence, sc->sc_ncm.tx_seq); USETW(sc->sc_ncm.hdr.wDptIndex, sizeof(sc->sc_ncm.hdr)); @@ -1243,25 +1243,24 @@ cdce_ncm_bulk_read_callback(struct usb_x offset = UGETW(sc->sc_ncm.dp[x].wFrameIndex); temp = UGETW(sc->sc_ncm.dp[x].wFrameLength); - if ((offset + temp) > actlen) { - DPRINTFN(1, "invalid frame detected (ignored)\n"); - m = NULL; - } else if (temp >= sizeof(struct ether_header)) { - /* - * allocate a suitable memory buffer, if - * possible - */ - if (temp > (MCLBYTES - ETHER_ALIGN)) { - m = NULL; - continue; - } if (temp > (MHLEN - ETHER_ALIGN)) { - m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); - } else { - m = m_gethdr(M_DONTWAIT, MT_DATA); - } + if ((offset == 0) || + (temp < sizeof(struct ether_header)) || + (temp > (MCLBYTES - ETHER_ALIGN))) { + DPRINTFN(1, "NULL frame detected at %d\n", x); + m = NULL; + /* silently ignore this frame */ + continue; + } else if ((offset + temp) > actlen) { + DPRINTFN(1, "invalid frame " + "detected at %d\n", x); + m = NULL; + /* silently ignore this frame */ + continue; + } else if (temp > (MHLEN - ETHER_ALIGN)) { + m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); } else { - m = NULL; /* dump it */ + m = m_gethdr(M_DONTWAIT, MT_DATA); } DPRINTFN(16, "frame %u, offset = %u, length = %u \n",