bpf_filter()'s bounds checks can allow out-of-bounds loads due to overflow on 32-bit platforms

2014-08-31 Thread Guy Harris
If you do

    sudo tcpdump -i {interface} -O 'link[0xFFFC:4] != 0xf00ba4f'

the generated code is

    (000) ld       #0xfffc
    (001) st       M[0]
    (002) ldx      M[0]
    (003) ld       [x + 0]
    (004) st       M[1]
    (005) ld       #0xf00ba4f
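Added illustration, not code from this thread, from OpenBSD or from libpcap: the classic bpf_filter() test "k + sizeof(int32_t) > buflen" evaluated in 32-bit arithmetic, next to an overflow-safe form. uint32_t stands in for the u_int/size_t of an ILP32 platform so the wrap reproduces on any host; the 64-byte packet buffer is constructed sample data; the offsets 0xfffffffc and 0xfffffff0 are chosen here to trigger the wrap. The BPF_LD|BPF_W|BPF_IND variant also bounds the X + pc->k addition, which is an extension of the report's point rather than something quoted on this page.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * On an ILP32 platform u_int k and size_t buflen are both 32 bits wide, so
 * the classic bpf_filter() test  "k + sizeof(int32_t) > buflen"  is evaluated
 * modulo 2^32.  uint32_t is used throughout so the wrap reproduces on a
 * 64-bit host as well.  (Added illustration; not code from the thread.)
 */

/* Classic check: allow a 4-byte load at p[k] iff k + 4 <= buflen. */
static int load_allowed_old(uint32_t k, uint32_t buflen)
{
    uint32_t end = k + (uint32_t)sizeof(int32_t); /* wraps to 0..3 for k >= 0xFFFFFFFC */
    return end <= buflen;
}

/* Overflow-safe check: first reject k past the end of the buffer, then compare
 * the access width against the bytes that remain.  buflen - k cannot underflow
 * once k <= buflen holds, so no intermediate result can wrap. */
static int load_allowed_new(uint32_t k, uint32_t buflen)
{
    if (k > buflen)
        return 0;
    return (uint32_t)sizeof(int32_t) <= buflen - k;
}

/* BPF_LD|BPF_W|BPF_ABS with the safe check.  Returns the big-endian word at
 * p[k], or -1 when the load must be refused (the filter then returns 0). */
static long long ld_w_abs(const uint8_t *p, uint32_t buflen, uint32_t k)
{
    if (!load_allowed_new(k, buflen))
        return -1;
    return ((uint32_t)p[k] << 24) | ((uint32_t)p[k + 1] << 16) |
           ((uint32_t)p[k + 2] << 8) | (uint32_t)p[k + 3];
}

/* BPF_LD|BPF_W|BPF_IND computes k = X + pc->k, and that addition can wrap
 * too.  Bound each operand against buflen before adding, so the sum is known
 * not to exceed buflen and therefore cannot wrap.  (Assumed hardening, added
 * here for illustration.) */
static long long ld_w_ind(const uint8_t *p, uint32_t buflen, uint32_t X, uint32_t pck)
{
    if (pck > buflen || X > buflen - pck)
        return -1;
    return ld_w_abs(p, buflen, X + pck);
}

/* Constructed 64-byte packet buffer (sample data, not a real capture). */
static const uint8_t pkt[64] = { 0x0f, 0x00, 0xba, 0x4f };

int main(void)
{
    uint32_t big = 0xFFFFFFFCu;

    printf("k=0x%08x buflen=%u: old check allows=%d  new check allows=%d\n",
           big, (unsigned)sizeof pkt,
           load_allowed_old(big, sizeof pkt), load_allowed_new(big, sizeof pkt));
    printf("ld [0]                    -> 0x%llx\n",
           (unsigned long long)ld_w_abs(pkt, sizeof pkt, 0));
    printf("ld [x+0x10], x=0xfffffff0 -> %lld\n",
           ld_w_ind(pkt, sizeof pkt, 0xFFFFFFF0u, 0x10));
    return 0;
}
```

With k = 0xfffffffc the old test computes 0xfffffffc + 4 = 0 in 32 bits, 0 is not greater than buflen, and the load is allowed at an address 4 GB past the packet; the safe form rejects it because k alone already exceeds buflen. The same rewrite applies to the 2- and 1-byte load cases, which differ only in the width being compared.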

Re: bpf_filter()'s bounds checks can allow out-of-bounds loads due to overflow on 32-bit platforms

2014-08-31 Thread Guy Harris
(BTW, thanks to Andy Wingo for pointing this out in a bug report for libpcap; the same problem exists in userland.)

Re: bpf_filter()'s bounds checks can allow out-of-bounds loads due to overflow on 32-bit platforms

2014-08-31 Thread Guy Harris
On Aug 31, 2014, at 1:40 AM, Brad Smith wrote:

> You have to send any diffs as inline text.

OK:

Index: bpf_filter.c
===
RCS file: /cvs/src/sys/net/bpf_filter.c,v
retrieving revision 1.24
diff -u -r1.24 bpf_filter.c
--- bpf_filter.

Re: Kernel panic em_rxeof - OpenBSD 5.6-current 2014.08.21 - Soekris 6501

2014-08-31 Thread Laurent Salle
On 25/08/14 17:11, Mike Belopuhov wrote:

can you please try this diff

diff --git sys/dev/pci/if_em.c sys/dev/pci/if_em.c
index d6d7e8e..42fb3c4 100644
--- sys/dev/pci/if_em.c
+++ sys/dev/pci/if_em.c
@@ -2822,14 +2822,14 @@ em_rxfill(struct em_softc *sc) i = 0;