Date:      Sat, 8 Apr 2000 22:34:40 -0500 (EST)
From:      "C. Stephen Gunn" <csg@dustdevil.waterspout.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/17872: arpintr() fix followup
Message-ID:  <200004090334.WAA05395@dustdevil.waterspout.com>

>Number:         17872
>Category:       kern
>Synopsis:       arpintr() fix followup
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Apr  8 20:30:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     C. Stephen Gunn
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
WaterSpout Communications, Inc.
>Environment:

FreeBSD 4.0-STABLE, FreeBSD 5-CURRENT

>Description:

My previous patch to arpintr() does too much work.  I incorrectly
assumed that since it was wrong to check m->m_len for the length
of the entire mbuf chain, (completely forgetting m->mh_len), that
I had to do all the work myself.  I even made a comment about
how silly it was to do all the work with "wanna implement m_size?"

>How-To-Repeat:

There's no crash, just a code cleanup.

>Fix:

Apply this patch to remove the for-loop calculating the length
of the mbuf chain, and just trust m->mh_len.


Index: if_ether.c
===================================================================
RCS file: /project/cvs/FreeBSD/src/sys/netinet/if_ether.c,v
retrieving revision 1.68
diff -u -r1.68 if_ether.c
--- if_ether.c	2000/03/29 07:50:39	1.68
+++ if_ether.c	2000/04/09 03:28:43
@@ -434,7 +434,7 @@
 {
 	register struct mbuf *m, *m0;
 	register struct arphdr *ar;
-	int s, ml;
+	int s;
 
 	while (arpintrq.ifq_head) {
 		s = splimp();
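Review bot: m0 is still declared in `register struct mbuf *m, *m0;` although ml is dropped here, and the only use of m0 visible in this patch is the chain-walking loop removed in the last hunk. If nothing else in arpintr() uses it, remove m0 from the declaration as well so the function does not carry an unused variable.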
@@ -442,7 +442,14 @@
 		splx(s);
 		if (m == 0 || (m->m_flags & M_PKTHDR) == 0)
 			panic("arpintr");
-	
+
+		if (m->mh_len < sizeof(struct arphdr) + 2 * ar->ar_hln
+		    + 2 * ar->ar_pln) {
+			log(LOG_ERR, "arp: runt packet\n");
+			m_freem(m);
+			continue;
+		}
+
                 if (m->m_len < sizeof(struct arphdr) &&
                     ((m = m_pullup(m, sizeof(struct arphdr))) == NULL)) {
 			log(LOG_ERR, "arp: runt packet -- m_pullup failed\n");
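Review bot: the new length check reads ar->ar_hln and ar->ar_pln before ar can point at this packet's header. It sits ahead of the m_pullup() for sizeof(struct arphdr), and no assignment to ar appears between the dequeue and the check, so on the first pass ar is uninitialized and on later passes it still refers to the previous packet. The removed version of this test ran after the header had been pulled up and examined (see the last hunk). Either keep the test at that position with the new length source, or split it so that only the fixed sizeof(struct arphdr) is compared here and the ar_hln/ar_pln part follows the pullup.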
@@ -455,20 +462,6 @@
 			log(LOG_ERR,
 			    "arp: unknown hardware address format (0x%2D)\n",
 			    (unsigned char *)&ar->ar_hrd, "");
-			m_freem(m);
-			continue;
-		}
-
-		m0 = m;
-		ml = 0;
-		while (m0 != NULL) {	
-			ml += m0->m_len;	/* wanna implement m_size?? */
-			m0 = m0->m_next;	
-		}
-
-		if (ml < sizeof(struct arphdr) + 2 * ar->ar_hln
-		    + 2 * ar->ar_pln) {
-			log(LOG_ERR, "arp: runt packet\n");
 			m_freem(m);
 			continue;
 		}
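Review bot: the loop removed here summed m0->m_len over every mbuf in the chain, so the replacement test in the previous hunk is equivalent only if m->mh_len holds the total length of the chain rather than the length of the first mbuf, and nothing in the patch shows that. Please confirm this against the mbuf header definitions and name the field in the commit message. The M_PKTHDR panic check at the top of the loop already guarantees that a packet header is present to read the total from.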

>Release-Note:
>Audit-Trail:
>Unformatted:

