From ae104d9814b199542431e6bc4bd83c1a9efdde8a Mon Sep 17 00:00:00 2001
From: jkim <jkim@FreeBSD.org>
Date: Tue, 3 Jan 2006 20:26:03 +0000
Subject: - Explicitly validate an empty filter to match bpf_filter()
 comment[1]. - Do not use BPF JIT compiler for an empty filter.

[1] Pointed out by:	darrenr
---
 sys/amd64/amd64/bpf_jit_machdep.c | 4 ++++
 sys/i386/i386/bpf_jit_machdep.c   | 4 ++++
 sys/net/bpf_filter.c              | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'sys')

diff --git a/sys/amd64/amd64/bpf_jit_machdep.c b/sys/amd64/amd64/bpf_jit_machdep.c
index 9c0c15b..b8c5190 100644
--- a/sys/amd64/amd64/bpf_jit_machdep.c
+++ b/sys/amd64/amd64/bpf_jit_machdep.c
@@ -103,6 +103,10 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 	 */
 	emit_func emitm;
 
+	/* Do not compile an empty filter. */
+	if (nins == 0)
+		return NULL;
+
 	/* Allocate the reference table for the jumps */
 	stream.refs = (u_int *)malloc((nins + 1) * sizeof(u_int),
 	    M_BPFJIT, M_NOWAIT);
diff --git a/sys/i386/i386/bpf_jit_machdep.c b/sys/i386/i386/bpf_jit_machdep.c
index 1465ce5..362569e 100644
--- a/sys/i386/i386/bpf_jit_machdep.c
+++ b/sys/i386/i386/bpf_jit_machdep.c
@@ -103,6 +103,10 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem)
 	 */
 	emit_func emitm;
 
+	/* Do not compile an empty filter. */
+	if (nins == 0)
+		return NULL;
+
 	/* Allocate the reference table for the jumps */
 	stream.refs = (u_int *)malloc((nins + 1) * sizeof(u_int),
 	    M_BPFJIT, M_NOWAIT);
diff --git a/sys/net/bpf_filter.c b/sys/net/bpf_filter.c
index 0a4c67e..40b54bf 100644
--- a/sys/net/bpf_filter.c
+++ b/sys/net/bpf_filter.c
@@ -521,7 +521,7 @@ bpf_validate(f, len)
 	register const struct bpf_insn *p;
 
 	if (len < 1)
-		return 0;
+		return 1;
 
 	for (i = 0; i < len; ++i) {
 		/*
-- 
cgit v1.1