d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not trust ipfw: check m_len always, not only after m_dup.

Browse Source 
Submitted by:	ru
This commit is contained in:
glebius 2005-02-11 23:07:22 +00:00
parent ea01332a61
commit b8a36d0c63
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sys/netgraph/ng_ipfw.c
View File

@ -294,10 +294,13 @@ ng_ipfw_input(struct mbuf **m0, int dir, struct ip_fw_args *fwa, int tee)
m_tag_prepend(m, &ngit->mt);
} else
if ((m = m_dup(*m0, M_DONTWAIT)) == NULL ||
(m = m_pullup(m, sizeof(struct ip))) == NULL)
if ((m = m_dup(*m0, M_DONTWAIT)) == NULL)
return (ENOMEM); /* which is ignored */
if (m->m_len < sizeof(struct ip) &&
(m = m_pullup(m, sizeof(struct ip))) == NULL)
return(EINVAL);
ip = mtod(m, struct ip *);
ip->ip_len = htons(ip->ip_len);
ip->ip_off = htons(ip->ip_off);