From 669bb973c4aa004b8dc991ebf3323d80d94d54d8 Mon Sep 17 00:00:00 2001
From: Archie Cobbs
Date: Wed, 23 Jun 2004 02:37:10 +0000
Subject: [PATCH] Avoid calling bpf_filter() with len == 0, which causes a change in semantics (it treats the buffer pointer as an mbuf pointer) and subsequent panic.
MFC after: 3 days
Reported by: Tony Hariman
---
 sys/netgraph/ng_bpf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/netgraph/ng_bpf.c b/sys/netgraph/ng_bpf.c
index 3dceea397b6e..45c5023e1c61 100644
--- a/sys/netgraph/ng_bpf.c
+++ b/sys/netgraph/ng_bpf.c
@@ -403,7 +403,10 @@ ng_bpf_rcvdata(hook_p hook, item_p item)
 data = mtod(m, u_char *);
 /* Run packet through filter */
- len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
+ if (totlen == 0)
+ len = 0; /* don't call bpf_filter() with totlen == 0! */
+ else
+ len = bpf_filter(hip->prog->bpf_prog, data, totlen, totlen);
 if (needfree)
 FREE(data, M_NETGRAPH_BPF);
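Review bot: The comment on the added `len = 0;` line states the rule but not the reason, and the reason is what stops a later cleanup from removing this guard as redundant. Per the commit message, bpf_filter() called with a zero buffer length interprets its packet argument as an mbuf pointer, so a zero-length packet arriving on the hook ends in a panic; I would record that in the code, e.g. `/* buflen == 0 makes bpf_filter() treat data as an mbuf pointer, not a flat buffer */`. The check protects this call site only, so any other caller that hands bpf_filter() a flat buffer whose length can be zero presumably needs the same guard, which is worth confirming. ng_bpf_rcvdata() starts and ends outside the hunk, so how a resulting `len == 0` is handled afterwards is not visible here.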