diff options
| author | brooks <brooks@FreeBSD.org> | 2005-07-27 19:25:46 +0000 |
|---|---|---|
| committer | brooks <brooks@FreeBSD.org> | 2005-07-27 19:25:46 +0000 |
| commit | 44060e7f1309db0879535f1047e6dd73d15346b1 (patch) | |
| tree | d3d41ba7b7b604cd5c8e861a68ff6b907a8411b4 /sbin/dhclient | |
| parent | 4a219579e08eca93e62f479c82a00d18fcaaeb19 (diff) | |
| download | FreeBSD-src-44060e7f1309db0879535f1047e6dd73d15346b1.zip FreeBSD-src-44060e7f1309db0879535f1047e6dd73d15346b1.tar.gz | |
Fix a bug in the handling of cases where we got a short (or zero)
capture. Zero length captures caused an infinte loop and short captures
probably caused memory corruption and a crash.
Reported by: many
MFC After: 3 days
Diffstat (limited to 'sbin/dhclient')
| -rw-r--r-- | sbin/dhclient/bpf.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sbin/dhclient/bpf.c b/sbin/dhclient/bpf.c index 7482c95..abda36e 100644 --- a/sbin/dhclient/bpf.c +++ b/sbin/dhclient/bpf.c @@ -316,19 +316,19 @@ receive_packet(struct interface_info *interface, unsigned char *buf, continue; } + /* Skip over the BPF header... */ + interface->rbuf_offset += hdr.bh_hdrlen; + /* * If the captured data wasn't the whole packet, or if * the packet won't fit in the input buffer, all we can * do is drop it. */ if (hdr.bh_caplen != hdr.bh_datalen) { - interface->rbuf_offset += hdr.bh_hdrlen = hdr.bh_caplen; + interface->rbuf_offset += hdr.bh_caplen; continue; } - /* Skip over the BPF header... */ - interface->rbuf_offset += hdr.bh_hdrlen; - /* Decode the physical header... */ offset = decode_hw_header(interface->rbuf, interface->rbuf_offset, hfrom); |
