- Utilize m_get2(), accidentially fixing some signedness bugs.

- Return EMSGSIZE in both cases if uio_resid is oversized or undersized. - No need to clear rcvif.
2013-01-24 14:29:31 +00:00 · 2013-01-24 14:29:31 +00:00 · ed63043b21
commit ed63043b21
parent d30a6b30fc
1 changed files with 3 additions and 20 deletions
--- a/sys/net/bpf.c
+++ b/sys/net/bpf.c
@ -522,32 +522,15 @@ bpf_movein(struct uio *uio, int linktype, struct ifnet *ifp, struct mbuf **mp,
 	}

 	len = uio->uio_resid;
-
-	if (len - hlen > ifp->if_mtu)
+	if (len < hlen || len - hlen > ifp->if_mtu)
 		return (EMSGSIZE);

-	if ((unsigned)len > MJUM16BYTES)
+	m = m_get2(M_WAITOK, MT_DATA, M_PKTHDR, len);
+	if (m == NULL)
 		return (EIO);
-
-	if (len <= MHLEN)
-		MGETHDR(m, M_WAITOK, MT_DATA);
-	else if (len <= MCLBYTES)
-		m = m_getcl(M_WAITOK, MT_DATA, M_PKTHDR);
-	else
-		m = m_getjcl(M_WAITOK, MT_DATA, M_PKTHDR,
-#if (MJUMPAGESIZE > MCLBYTES)
-		    len <= MJUMPAGESIZE ? MJUMPAGESIZE :
-#endif
-		    (len <= MJUM9BYTES ? MJUM9BYTES : MJUM16BYTES));
 	m->m_pkthdr.len = m->m_len = len;
-	m->m_pkthdr.rcvif = NULL;
 	*mp = m;

-	if (m->m_len < hlen) {
-		error = EPERM;
-		goto bad;
-	}
-
 	error = uiomove(mtod(m, u_char *), len, uio);
 	if (error)
 		goto bad;