From 9f6a60e0001aac859ac7ea8f3b3bf962811839a6 Mon Sep 17 00:00:00 2001
From: glebius <glebius@FreeBSD.org>
Date: Thu, 24 Jan 2013 14:29:31 +0000
Subject: - Utilize m_get2(), accidentially fixing some signedness bugs. -
 Return EMSGSIZE in both cases if uio_resid is oversized or undersized. - No
 need to clear rcvif.

---
 sys/net/bpf.c | 23 +++--------------------
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/sys/net/bpf.c b/sys/net/bpf.c
index 9ee1964..ba31c66 100644
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@@ -522,32 +522,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
 	}
 
 	len = uio->uio_resid;
-
-	if (len - hlen > ifp->if_mtu)
+	if (len < hlen || len - hlen > ifp->if_mtu)
 		return (EMSGSIZE);
 
-	if ((unsigned)len > MJUM16BYTES)
+	m = m_get2(M_WAITOK, MT_DATA, M_PKTHDR, len);
+	if (m == NULL)
 		return (EIO);
-
-	if (len <= MHLEN)
-		MGETHDR(m, M_WAITOK, MT_DATA);
-	else if (len <= MCLBYTES)
-		m = m_getcl(M_WAITOK, MT_DATA, M_PKTHDR);
-	else
-		m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR,
-#if (MJUMPAGESIZE > MCLBYTES)
-		    len <= MJUMPAGESIZE ? MJUMPAGESIZE :
-#endif
-		    (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
 	m->m_pkthdr.len = m->m_len = len;
-	m->m_pkthdr.rcvif = NULL;
 	*mp = m;
 
-	if (m->m_len < hlen) {
-		error = EPERM;
-		goto bad;
-	}
-
 	error = uiomove(mtod(m, u_char *), len, uio);
 	if (error)
 		goto bad;
-- 
cgit v1.1