Avoid calling bpf_filter() with len == 0, which causes a change in semantics

(it treats the buffer pointer as an mbuf pointer) and subsequent panic. MFC after: 3 days Reported by: Tony Hariman <tony@cbn.net.id>
2004-06-23 02:37:10 +00:00 · 2004-06-23 02:37:10 +00:00 · 40f12514fb
commit 40f12514fb
parent 64b412424f
1 changed files with 4 additions and 1 deletions
--- a/sys/netgraph/ng_bpf.c
+++ b/sys/netgraph/ng_bpf.c
@ -403,7 +403,10 @@ ng_bpf_rcvdata(hook_p hook, item_p item)
 		data = mtod(m, u_char *);

 	/* Run packet through filter */
-	len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
+	if (totlen == 0)
+		len = 0;	/* don't call bpf_filter() with totlen == 0! */
+	else
+		len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
 	if (needfree)
 		FREE(data, M_NETGRAPH_BPF);