svn commit: r333207 - stable/11/sys/netipsec

Thu, 03 May 2018 01:18:07 -0700 

Author: ae
Date: Thu May  3 08:17:12 2018
New Revision: 333207
URL: https://svnweb.freebsd.org/changeset/base/333207

Log:
  MFC r333016:
    Merge r1.22-1.23 from NetBSD:
      Don't assume M_PKTHDR is set only on the first mbuf of the chain.
      The check is replaced by (m1 != m), which is equivalent to the previous
      code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
      m_adj().
  
      Fix a pretty bad mistake, that has always been there:
       m_adj(m1, -(m1->m_len - roff));
       if (m1 != m)
        m->m_pkthdr.len -= (m1->m_len - roff);
  
      This is wrong: m_adj() will modify m1->m_len, so we're using a wrong
      value when manually adjusting m->m_pkthdr.len.
  
    Reported by:        Maxime Villard <max at m00nbsd dot net>
    Obtained from:      NetBSD

Modified:
  stable/11/sys/netipsec/ipsec_mbuf.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netipsec/ipsec_mbuf.c
==============================================================================
--- stable/11/sys/netipsec/ipsec_mbuf.c Thu May  3 08:15:32 2018        
(r333206)
+++ stable/11/sys/netipsec/ipsec_mbuf.c Thu May  3 08:17:12 2018        
(r333207)
@@ -253,10 +253,11 @@ m_striphdr(struct mbuf *m, int skip, int hlen)
                /* The header was at the beginning of the mbuf */
                IPSECSTAT_INC(ips_input_front);
                m_adj(m1, hlen);
-               if ((m1->m_flags & M_PKTHDR) == 0)
+               if (m1 != m)
                        m->m_pkthdr.len -= hlen;
        } else if (roff + hlen >= m1->m_len) {
                struct mbuf *mo;
+               int adjlen;
 
                /*
                 * Part or all of the header is at the end of this mbuf,
@@ -265,11 +266,13 @@ m_striphdr(struct mbuf *m, int skip, int hlen)
                 */
                IPSECSTAT_INC(ips_input_end);
                if (roff + hlen > m1->m_len) {
+                       adjlen = roff + hlen - m1->m_len;
+
                        /* Adjust the next mbuf by the remainder */
-                       m_adj(m1->m_next, roff + hlen - m1->m_len);
+                       m_adj(m1->m_next, adjlen);
 
                        /* The second mbuf is guaranteed not to have a 
pkthdr... */
-                       m->m_pkthdr.len -= (roff + hlen - m1->m_len);
+                       m->m_pkthdr.len -= adjlen;
                }
 
                /* Now, let's unlink the mbuf chain for a second...*/
@@ -277,9 +280,10 @@ m_striphdr(struct mbuf *m, int skip, int hlen)
                m1->m_next = NULL;
 
                /* ...and trim the end of the first part of the chain...sick */
-               m_adj(m1, -(m1->m_len - roff));
-               if ((m1->m_flags & M_PKTHDR) == 0)
-                       m->m_pkthdr.len -= (m1->m_len - roff);
+               adjlen = m1->m_len - roff;
+               m_adj(m1, -adjlen);
+               if (m1 != m)
+                       m->m_pkthdr.len -= adjlen;
 
                /* Finally, let's relink */
                m1->m_next = mo;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to