author | archie <archie@FreeBSD.org> | 2004-06-23 02:37:10 +0000 |
---|---|---|
committer | archie <archie@FreeBSD.org> | 2004-06-23 02:37:10 +0000 |
commit | 65fa85e83db6067eb3c7c8fa6c44ffcaed666237 (patch) | |
tree | b26bee77c71cf0cdc0e122e107151de02ddb5142 /sys/netgraph | |
parent | 7e064ac98c6f16da00966149a4579ea7da989ab3 (diff) | |
Avoid calling bpf_filter() with len == 0, which causes a change in semantics
(it treats the buffer pointer as an mbuf pointer) and subsequent panic.
MFC after: 3 days
Reported by: Tony Hariman <tony@cbn.net.id>
Diffstat (limited to 'sys/netgraph')
-rw-r--r-- | sys/netgraph/ng_bpf.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/netgraph/ng_bpf.c b/sys/netgraph/ng_bpf.c index 3dceea3..45c5023 100644 --- a/sys/netgraph/ng_bpf.c +++ b/sys/netgraph/ng_bpf.c @@ -403,7 +403,10 @@ ng_bpf_rcvdata(hook_p hook, item_p item) data = mtod(m, u_char *); /* Run packet through filter */ - len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen); + if (totlen == 0) + len = 0; /* don't call bpf_filter() with totlen == 0! */ + else + len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen); if (needfree) FREE(data, M_NETGRAPH_BPF); |
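Review bot: The comment on the new `len = 0;` branch in ng_bpf_rcvdata() says not to call bpf_filter() with totlen == 0 but not why, and the reason lives only in the commit message (with len == 0, bpf_filter() treats the buffer pointer as an mbuf pointer). Please put that in the comment, for example "bpf_filter() interprets the buffer as an mbuf chain when the length is 0", so the guard is not later removed as a redundant special case. It would also help to state in the same comment that a zero-length packet now gets len = 0 regardless of the installed program, since that is a behavioural decision and not only a crash fix. The same precondition applies to any other caller that passes a flat buffer to bpf_filter(), so a note on whether other call sites were checked would be useful in the commit message.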