Date:      Tue, 29 Sep 2009 16:50:04 GMT
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 169017 for review
Message-ID:  <200909291650.n8TGo42d005293@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=169017

Change 169017 by hselasky@hselasky_laptop001 on 2009/09/29 16:49:42

	
	USB ethernet:
	 - correct some bugs in the NCM implementation.

Affected files ...

.. //depot/projects/usb/src/sys/dev/usb/net/if_cdce.c#22 edit

Differences ...

==== //depot/projects/usb/src/sys/dev/usb/net/if_cdce.c#22 (text+ko) ====

@@ -1088,7 +1088,7 @@
 	sc->sc_ncm.hdr.dwSignature[2] = 'M';
 	sc->sc_ncm.hdr.dwSignature[3] = 'H';
 	USETW(sc->sc_ncm.hdr.wHeaderLength, sizeof(sc->sc_ncm.hdr));
-	USETW(sc->sc_ncm.hdr.wBlockLength, offset);
+	USETW(sc->sc_ncm.hdr.wBlockLength, last_offset);
 	USETW(sc->sc_ncm.hdr.wSequence, sc->sc_ncm.tx_seq);
 	USETW(sc->sc_ncm.hdr.wDptIndex, sizeof(sc->sc_ncm.hdr));
 
@@ -1243,25 +1243,24 @@
 
 			offset = UGETW(sc->sc_ncm.dp[x].wFrameIndex);
 			temp = UGETW(sc->sc_ncm.dp[x].wFrameLength);
-			if ((offset + temp) > actlen) {
-				DPRINTFN(1, "invalid frame detected (ignored)\n");
+
+			if ((offset == 0) ||
+			    (temp < sizeof(struct ether_header)) ||
+			    (temp > (MCLBYTES - ETHER_ALIGN))) {
+				DPRINTFN(1, "NULL frame detected at %d\n", x);
+				m = NULL;
+				/* silently ignore this frame */
+				continue;
+			} else if ((offset + temp) > actlen) {
+				DPRINTFN(1, "invalid frame "
+				    "detected at %d\n", x);
 				m = NULL;
-
-			} else if (temp >= sizeof(struct ether_header)) {
-				/*
-				 * allocate a suitable memory buffer, if
-				 * possible
-				 */
-				if (temp > (MCLBYTES - ETHER_ALIGN)) {
-					m = NULL;
-					continue;
-				} if (temp > (MHLEN - ETHER_ALIGN)) {
-					m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
-				} else {
-					m = m_gethdr(M_DONTWAIT, MT_DATA);
-				}
+				/* silently ignore this frame */
+				continue;
+			} else if (temp > (MHLEN - ETHER_ALIGN)) {
+				m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
 			} else {
-				m = NULL;	/* dump it */
+				m = m_gethdr(M_DONTWAIT, MT_DATA);
 			}
 
 			DPRINTFN(16, "frame %u, offset = %u, length = %u \n",
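Review bot: The first branch of the new check logs "NULL frame detected" for three different conditions (`offset == 0`, a length below `sizeof(struct ether_header)`, and a length above `MCLBYTES - ETHER_ALIGN`), so a device sending runt or oversized entries looks the same in the log as a genuinely empty entry. Something like `DPRINTFN(1, "frame %d rejected: offset=%u length=%u\n", x, offset, temp);` would make the rejected values visible; the conversions should match the declared types of `offset` and `temp`, which are outside the hunk. Separately, only a zero offset is rejected on the low side, so a non-zero `wFrameIndex` that points into the NCM header or pointer table still passes the `(offset + temp) > actlen` test and would be handed on as a frame. A lower bound against the header size may be worth adding if the code after the hunk does not already cover it. The loop body starts and ends outside the hunk.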


