Module Name: src
Committed By: drochner
Date: Wed Apr 21 16:35:09 UTC 2010
Modified Files:
src/sys/net: bpf_filter.c
Log Message:
the correct check for BPF_K is with BPF_SRC for BPF_ALU ops, from
Guy Harris per PR kern/43185
fixes possible division-by-zero crashes by evil filter expressions
like "len / 0 = 1"
pullup candidate
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/sys/net/bpf_filter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf_filter.c
diff -u src/sys/net/bpf_filter.c:1.35 src/sys/net/bpf_filter.c:1.36
--- src/sys/net/bpf_filter.c:1.35 Wed Aug 20 13:01:54 2008
+++ src/sys/net/bpf_filter.c Wed Apr 21 16:35:09 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf_filter.c,v 1.35 2008/08/20 13:01:54 joerg Exp $ */
+/* $NetBSD: bpf_filter.c,v 1.36 2010/04/21 16:35:09 drochner Exp $ */
/*-
* Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.35 2008/08/20 13:01:54 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.36 2010/04/21 16:35:09 drochner Exp $");
#if 0
#if !(defined(lint) || defined(KERNEL))
@@ -513,7 +513,7 @@
/*
* Check for constant division by 0.
*/
- if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
+ if (BPF_SRC(p->code) == BPF_K && p->k == 0)
return 0;
break;
default:
