Validate scratch memory addresses for BPF_STX and BPF_LDX|BPF_MEM.

A badly written filter was able to reference invalid addresses
and even cause a kernel crash.

MFC after:	3 days
Jung-uk Kim 2008-08-28 17:49:37 +00:00
parent 9c8d21f901
commit 8cfdb2fb13
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=182380


@ -541,7 +541,9 @@ bpf_validate(f, len)
* Check that memory operations use valid addresses.
*/
if ((BPF_CLASS(p->code) == BPF_ST ||
(BPF_CLASS(p->code) == BPF_LD &&
BPF_CLASS(p->code) == BPF_STX ||
((BPF_CLASS(p->code) == BPF_LD ||
BPF_CLASS(p->code) == BPF_LDX) &&
(p->code & 0xe0) == BPF_MEM)) &&
p->k >= BPF_MEMWORDS)
return 0;
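
Review bot: the mode test on the new BPF_LD/BPF_LDX branch is written with a literal mask, `(p->code & 0xe0) == BPF_MEM`; since the surrounding lines already use BPF_CLASS() for the class bits, BPF_MODE(p->code) == BPF_MEM would keep the condition readable and tie it to the header's definition of the mode field. The bound `p->k >= BPF_MEMWORDS` also only rejects a negative-looking offset if k is unsigned, which these lines do not show, so it is worth confirming the field type or adding an explicit cast. The comment above the condition could say that it now covers BPF_STX and BPF_LDX as well as BPF_ST and BPF_LD, so a later reader does not narrow it again.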