CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2018/12/28 07:32:47
Modified files:
sys/net : if_switch.c switchctl.c switchofp.c
Log message:
Fix mbuf releated crashes in switch(4). They have been found by
syzkaller as pool corruption panic. It is unclear which bug caused
what, but it should be better now.
- Check M_PKTHDR with assertion before accessing m_pkthdr.
- Do not access oh_length without m_pullup().
- After checking if there is space at the end of the mbuf, don't
overwrite the data at the beginning. Append the new content.
- Do not set m_len and m_pkthdr.len when it is unclear whether
the ofp_error header fits at all. Use m_makespace() to adjust
the mbuf.
Reported-by: [email protected]
test akoshibe@; OK claudio@
