From dccb7faff6a4293a4b3ecef58c091e32eea48067 Mon Sep 17 00:00:00 2001 From: Jung-uk Kim Date: Tue, 3 Jan 2006 20:26:03 +0000 Subject: [PATCH] - Explicitly validate an empty filter to match bpf_filter() comment[1]. - Do not use BPF JIT compiler for an empty filter. [1] Pointed out by: darrenr --- sys/amd64/amd64/bpf_jit_machdep.c | 4 ++++ sys/i386/i386/bpf_jit_machdep.c | 4 ++++ sys/net/bpf_filter.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/sys/amd64/amd64/bpf_jit_machdep.c b/sys/amd64/amd64/bpf_jit_machdep.c index 9c0c15b267e8..b8c51909b223 100644 --- a/sys/amd64/amd64/bpf_jit_machdep.c +++ b/sys/amd64/amd64/bpf_jit_machdep.c @@ -103,6 +103,10 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem) */ emit_func emitm; + /* Do not compile an empty filter. */ + if (nins == 0) + return NULL; + /* Allocate the reference table for the jumps */ stream.refs = (u_int *)malloc((nins + 1) * sizeof(u_int), M_BPFJIT, M_NOWAIT); diff --git a/sys/i386/i386/bpf_jit_machdep.c b/sys/i386/i386/bpf_jit_machdep.c index 1465ce514319..362569ed900a 100644 --- a/sys/i386/i386/bpf_jit_machdep.c +++ b/sys/i386/i386/bpf_jit_machdep.c @@ -103,6 +103,10 @@ bpf_jit_compile(struct bpf_insn *prog, u_int nins, int *mem) */ emit_func emitm; + /* Do not compile an empty filter. */ + if (nins == 0) + return NULL; + /* Allocate the reference table for the jumps */ stream.refs = (u_int *)malloc((nins + 1) * sizeof(u_int), M_BPFJIT, M_NOWAIT); diff --git a/sys/net/bpf_filter.c b/sys/net/bpf_filter.c index 0a4c67eb2440..40b54bf47b96 100644 --- a/sys/net/bpf_filter.c +++ b/sys/net/bpf_filter.c @@ -521,7 +521,7 @@ bpf_validate(f, len) register const struct bpf_insn *p; if (len < 1) - return 0; + return 1; for (i = 0; i < len; ++i) { /*