Fix a bug in the handling of cases where we got a short (or zero)

capture. Zero length captures caused an infinte loop and short captures probably caused memory corruption and a crash. Reported by: many MFC After: 3 days
svn path=/head/; revision=148451
2005-07-27 19:25:46 +00:00 · 2005-07-27 19:25:46 +00:00 · 4eae015de1 · 2020-12-20 02:59:44 +00:00
commit 4eae015de1
parent fd95fd457f
1 changed files with 4 additions and 4 deletions
--- a/sbin/dhclient/bpf.c
+++ b/sbin/dhclient/bpf.c
@ -316,19 +316,19 @@ receive_packet(struct interface_info *interface, unsigned char *buf,
 			continue;
 		}

+		/* Skip over the BPF header... */
+		interface->rbuf_offset += hdr.bh_hdrlen;
+
 		/*
 		 * If the captured data wasn't the whole packet, or if
 		 * the packet won't fit in the input buffer, all we can
 		 * do is drop it.
 		 */
 		if (hdr.bh_caplen != hdr.bh_datalen) {
-			interface->rbuf_offset += hdr.bh_hdrlen = hdr.bh_caplen;
+			interface->rbuf_offset += hdr.bh_caplen;
 			continue;
 		}

-		/* Skip over the BPF header... */
-		interface->rbuf_offset += hdr.bh_hdrlen;
-
 		/* Decode the physical header... */
 		offset = decode_hw_header(interface->rbuf,
 		    interface->rbuf_offset, hfrom);