Module Name:    src
Committed By:   maxv
Date:           Wed Apr 11 05:38:47 UTC 2018

Modified Files:
        src/sys/netinet: if_arp.c

Log Message:
Add XXX.


To generate a diff of this commit:
cvs rdiff -u -r1.272 -r1.273 src/sys/netinet/if_arp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/if_arp.c
diff -u src/sys/netinet/if_arp.c:1.272 src/sys/netinet/if_arp.c:1.273
--- src/sys/netinet/if_arp.c:1.272	Tue Apr 10 08:41:14 2018
+++ src/sys/netinet/if_arp.c	Wed Apr 11 05:38:47 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $	*/
+/*	$NetBSD: if_arp.c,v 1.273 2018/04/11 05:38:47 maxv Exp $	*/
 
 /*
  * Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.272 2018/04/10 08:41:14 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.273 2018/04/11 05:38:47 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -1358,6 +1358,15 @@ reply:
 	}
 	ia4_release(ia, &psref_ia);
 
+	/*
+	 * XXX XXX: Here we're recycling the mbuf. But the mbuf could have
+	 * other mbufs in its chain, and just overwriting m->m_pkthdr.len
+	 * would be wrong in this case (the length becomes smaller than the
+	 * real chain size).
+	 *
+	 * This can theoretically cause bugs in the lower layers (drivers,
+	 * and L2encap), in some corner cases.
+	 */
 	memcpy(ar_tpa(ah), ar_spa(ah), ah->ar_pln);
 	memcpy(ar_spa(ah), &itaddr, ah->ar_pln);
 	ah->ar_op = htons(ARPOP_REPLY);
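Review bot: The new comment above the `memcpy(ar_tpa(ah), ...)` lines records that the recycled mbuf may still carry trailing mbufs, but the code is left as it was, so the packet header length can still end up smaller than the real chain. The assignment to `m->m_pkthdr.len` and the rest of the `reply:` path lie outside this hunk, so this is inferred from the comment rather than from visible code. If the ARP header is guaranteed to sit in the first mbuf, dropping the remainder before the length is rewritten would remove the mismatch: `m_freem(m->m_next); m->m_next = NULL;`. Failing that, a `KASSERT(m->m_next == NULL);` would at least make the corner case visible on DIAGNOSTIC kernels. It would also help if the comment said which lower-layer consumers trust `m_pkthdr.len` over the chain walk, since that is where a remote sender's oversized request could turn into a wrong transmit length.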
