author yongari <yongari@FreeBSD.org> 2010-10-14 18:31:40 +0000
committer yongari <yongari@FreeBSD.org> 2010-10-14 18:31:40 +0000
commit 92023f4cc9e471aa4ad6bf4362c248d8f173e46a (patch)
tree a0e4e25c77486cf23be8641eed71e4b366b6078f /sys/dev/alc
parent a4ebafd9602a429881d9def23f17e029dcc762ce (diff)
Make sure to not use stale ip/tcp header pointers. The ip/tcp
header parser uses m_pullup(9) to get access to mbuf chain.
m_pullup(9) can allocate new mbuf chain and free old one if the
space left in the mbuf chain is not enough to hold requested
contiguous bytes. Previously drivers can use stale ip/tcp header
pointer if m_pullup(9) returned new mbuf chain.

Reported by: Andrew Boyer (aboyer <> averesystems dot com)
MFC after: 10 days
Diffstat (limited to 'sys/dev/alc')
-rw-r--r-- sys/dev/alc/if_alc.c 2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/dev/alc/if_alc.c b/sys/dev/alc/if_alc.c
index 10061f3..1550571 100644
--- a/sys/dev/alc/if_alc.c
+++ b/sys/dev/alc/if_alc.c
@@ -2104,6 +2104,8 @@ alc_encap(struct alc_softc *sc, struct mbuf **m_head)
* Reset IP checksum and recompute TCP pseudo
* checksum as NDIS specification said.
*/
+ ip = (struct ip *)(mtod(m, char *) + ip_off);
+ tcp = (struct tcphdr *)(mtod(m, char *) + poff);
ip->ip_sum = 0;
tcp->th_sum = in_pseudo(ip->ip_src.s_addr,
ip->ip_dst.s_addr, htons(IPPROTO_TCP));
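Review bot: The two assignments added just before `ip->ip_sum = 0;` re-derive ip and tcp with no comment saying why, so they read as redundant and could be dropped in a later cleanup; a one-line comment noting that an earlier m_pullup(9) may have replaced the mbuf chain would protect them. The expressions `mtod(m, char *) + ip_off` and `mtod(m, char *) + poff` are only valid if m is the chain returned by the last m_pullup(9) and the first mbuf holds the TCP header contiguously at poff. Neither condition is visible in this hunk, so it is worth confirming both in the code above it in alc_encap().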