Merge bpf_filter.c r182425 and add test cases for jump range checks.

While I am here, fix stupid typos in test0080.h and make it JIT compiler only.
jkim 2008-08-29 02:12:45 +00:00
parent 4d92376beb
commit a85de0848e
6 changed files with 136 additions and 26 deletions


@ -19,7 +19,8 @@ TEST_CASES?= test0001 test0002 test0003 test0004 \
test0065 test0066 test0067 test0068 \
test0069 test0070 test0071 test0072 \
test0073 test0074 test0075 test0076 \
test0077 test0078 test0079 test0080
test0077 test0078 test0079 test0080 \
test0081 test0082
SYSDIR?= ${.CURDIR}/../../../../sys
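Review bot: The extended `TEST_CASES` list stops at `test0082`, but this commit also adds a Test 0083 program (last instruction is not BPF_RET), so that case is apparently never built or run. If it is meant to be part of the regression suite, the continuation line should read `test0081 test0082 test0083`. If it is left out on purpose, the commit message should say so, since it currently mentions only the jump range tests.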


@ -145,14 +145,13 @@ bpf_validate(const struct bpf_insn *f, int len)
* the code block.
*/
if (BPF_CLASS(p->code) == BPF_JMP) {
register int from = i + 1;
register u_int offset;
if (BPF_OP(p->code) == BPF_JA) {
if (from >= len || p->k >= (u_int)len - from)
return (0);
}
else if (from >= len || p->jt >= len - from ||
p->jf >= len - from)
if (BPF_OP(p->code) == BPF_JA)
offset = p->k;
else
offset = p->jt > p->jf ? p->jt : p->jf;
if (offset >= (u_int)(len - i) - 1)
return (0);
}
/*
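Review bot: The new bound `offset >= (u_int)(len - i) - 1` is only correct while `len - i` is at least 1; if `i` could reach `len`, or `len` were not positive, the unsigned subtraction would wrap to a huge value and every offset would pass. The loop that bounds `i` and any check on `len` are outside this hunk, so that invariant cannot be confirmed from here. Because this check is what keeps a filter program from branching outside its instruction array, I would state the invariant next to it, e.g. `/* i < len here, so (len - i) - 1 cannot wrap; it is 0 at the last insn, rejecting any jump there */`.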


@ -1,45 +1,47 @@
/*-
* Test 0080: Check uninitialized scratch memory.
*
* Note: This behavior is not guaranteed with bpf_filter(9).
* Test 0080: Check uninitialized scratch memory (only for JIT compiler).
*
* $FreeBSD$
*/
/* BPF program */
struct bpf_insn pc[] = {
#ifdef BPF_JIT_COMPILER
BPF_STMT(BPF_LDX+BPF_IMM, 0xffffffff),
BPF_STMT(BPF_LD+BPF_MEM, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 30, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 29, 0),
BPF_STMT(BPF_LD+BPF_MEM, 1),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 28, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 27, 0),
BPF_STMT(BPF_LD+BPF_MEM, 2),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 26, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 25, 0),
BPF_STMT(BPF_LD+BPF_MEM, 3),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 24, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 23, 0),
BPF_STMT(BPF_LD+BPF_MEM, 4),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 22, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 21, 0),
BPF_STMT(BPF_LD+BPF_MEM, 5),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 20, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 19, 0),
BPF_STMT(BPF_LD+BPF_MEM, 6),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 18, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 17, 0),
BPF_STMT(BPF_LD+BPF_MEM, 7),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 16, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 15, 0),
BPF_STMT(BPF_LD+BPF_MEM, 8),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 14, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 13, 0),
BPF_STMT(BPF_LD+BPF_MEM, 9),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 12, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 11, 0),
BPF_STMT(BPF_LD+BPF_MEM, 10),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 10, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 9, 0),
BPF_STMT(BPF_LD+BPF_MEM, 11),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 8, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 7, 0),
BPF_STMT(BPF_LD+BPF_MEM, 12),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 6, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 5, 0),
BPF_STMT(BPF_LD+BPF_MEM, 13),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 4, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 3, 0),
BPF_STMT(BPF_LD+BPF_MEM, 14),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 2, 0, 0),
BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 1, 0),
BPF_STMT(BPF_LD+BPF_MEM, 15),
#else
BPF_STMT(BPF_LD+BPF_IMM, 0),
#endif
BPF_STMT(BPF_RET+BPF_A, 0),
};
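Review bot: The `#else` branch swaps the whole program for `BPF_STMT(BPF_LD+BPF_IMM, 0)` on non-JIT builds, and the header comment no longer says why. The removed line ("This behavior is not guaranteed with bpf_filter(9)") was the only record that the interpreter makes no promise about scratch memory contents, so a reader of the new file sees a test that passes trivially without knowing it is a placeholder. I would keep the reason at the branch, e.g. `#else /* bpf_filter(9) does not guarantee zeroed scratch memory; placeholder only */`. The packet and expected values are outside this hunk.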


@ -0,0 +1,37 @@
/*-
* Test 0081: Check unconditional jump range.
*
* $FreeBSD$
*/
/* BPF program */
struct bpf_insn pc[] = {
BPF_STMT(BPF_LD+BPF_IMM, 0),
BPF_JUMP(BPF_JMP+BPF_JA, 2, 0, 0),
BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
BPF_STMT(BPF_RET+BPF_A, 0),
};
/* Packet */
u_char pkt[] = {
0x00,
};
/* Packet length seen on wire */
u_int wirelen = sizeof(pkt);
/* Packet length passed on buffer */
u_int buflen = sizeof(pkt);
/* Invalid instruction */
int invalid = 1;
/* Expected return value */
u_int expect = 0;
/* Expected signal */
#ifdef BPF_JIT_COMPILER
int expect_signal = SIGSEGV;
#else
int expect_signal = SIGABRT;
#endif
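Review bot: Nothing in the file explains why `k` is 2 in `BPF_JUMP(BPF_JMP+BPF_JA, 2, 0, 0)`. From instruction 1 the target is index 4, exactly one past the four-instruction program, which is the boundary the validator change is meant to reject. A one-line comment such as `/* target = 1 + 1 + 2 = 4 == number of insns, one past the end */` would make the intent explicit. The same applies to Test 0082, where the out-of-range offset is `jf = 2`.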


@ -0,0 +1,37 @@
/*-
* Test 0082: Check conditional jump ranges.
*
* $FreeBSD$
*/
/* BPF program */
struct bpf_insn pc[] = {
BPF_STMT(BPF_LD+BPF_IMM, 0),
BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, 0, 1, 2),
BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
BPF_STMT(BPF_RET+BPF_A, 0),
};
/* Packet */
u_char pkt[] = {
0x00,
};
/* Packet length seen on wire */
u_int wirelen = sizeof(pkt);
/* Packet length passed on buffer */
u_int buflen = sizeof(pkt);
/* Invalid instruction */
int invalid = 1;
/* Expected return value */
u_int expect = 0;
/* Expected signal */
#ifdef BPF_JIT_COMPILER
int expect_signal = SIGSEGV;
#else
int expect_signal = SIGABRT;
#endif
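Review bot: Only the false branch is out of range in `BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, 0, 1, 2)`: `jt = 1` lands on the final BPF_RET, while `jf = 2` lands one past the end. The validator in this commit checks the larger of `jt` and `jf`, so the `p->jt > p->jf` side of that selection is never exercised, although the title says "ranges". A sibling case in which `jt` is the out-of-range offset would cover it.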


@ -0,0 +1,34 @@
/*-
* Test 0083: Check that the last instruction is BPF_RET.
*
* $FreeBSD$
*/
/* BPF program */
struct bpf_insn pc[] = {
BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 0),
};
/* Packet */
u_char pkt[] = {
0x00,
};
/* Packet length seen on wire */
u_int wirelen = sizeof(pkt);
/* Packet length passed on buffer */
u_int buflen = sizeof(pkt);
/* Invalid instruction */
int invalid = 1;
/* Expected return value */
u_int expect = 0;
/* Expected signal */
#ifdef BPF_JIT_COMPILER
int expect_signal = SIGSEGV;
#else
int expect_signal = SIGABRT;
#endif
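Review bot: As written, this program is already rejected by the jump range check, so it does not isolate the "last instruction is BPF_RET" rule named in the title. With the new bound in bpf_validate, a jump at the last index is compared against 0, so any offset fails there, including `k = 0`. Whether bpf_validate has a separate final-instruction check cannot be seen from this page; if it does, a program ending in an instruction that is neither a jump nor a return would test it directly. Otherwise the title would be more accurate as another jump range case.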