Module Name: src Committed By: plunky Date: Thu Dec 2 19:07:28 UTC 2010
Modified Files: src/sys/netinet: tcp_input.c Log Message: fix potential mbuf overflow, from Alexander Danilov on tech-net To generate a diff of this commit: cvs rdiff -u -r1.305 -r1.306 src/sys/netinet/tcp_input.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/netinet/tcp_input.c diff -u src/sys/netinet/tcp_input.c:1.305 src/sys/netinet/tcp_input.c:1.306 --- src/sys/netinet/tcp_input.c:1.305 Wed May 26 17:38:29 2010 +++ src/sys/netinet/tcp_input.c Thu Dec 2 19:07:27 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: tcp_input.c,v 1.305 2010/05/26 17:38:29 bouyer Exp $ */ +/* $NetBSD: tcp_input.c,v 1.306 2010/12/02 19:07:27 plunky Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -145,7 +145,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.305 2010/05/26 17:38:29 bouyer Exp $"); +__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.306 2010/12/02 19:07:27 plunky Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -4274,7 +4274,7 @@ return (ENOBUFS); #endif MGETHDR(m, M_DONTWAIT, MT_DATA); - if (m && tlen > MHLEN) { + if (m && (max_linkhdr + tlen) > MHLEN) { MCLGET(m, M_DONTWAIT); if ((m->m_flags & M_EXT) == 0) { m_freem(m);