Skip to content

Commit

Permalink
As I suspected, the KASSERT I added yesterday can fire if we try to p…
Browse files Browse the repository at this point in the history 
…rocess

zero-sized packets. Skip them to prevent a type confusion that can trigger
random page faults later.

Reported-by: syzbot+3e447ebdcb2bcfa402ac@syzkaller.appspotmail.com
  • Loading branch information
maxv authored and maxv committed Sep 13, 2019
1 parent d86b062 commit 75eea5b
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions sys/net/bpf.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: bpf.c,v 1.230 2019/09/12 07:38:19 maxv Exp $ */
/* $NetBSD: bpf.c,v 1.231 2019/09/13 06:39:29 maxv Exp $ */

/*
* Copyright (c) 1990, 1991, 1993
Expand Down Expand Up @@ -39,7 +39,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.230 2019/09/12 07:38:19 maxv Exp $");
__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.231 2019/09/13 06:39:29 maxv Exp $");

#if defined(_KERNEL_OPT)
#include "opt_bpf.h"
Expand Down Expand Up @@ -1676,6 +1676,11 @@ _bpf_mtap(struct bpf_if *bp, struct mbuf *m, u_int direction)

pktlen = m_length(m);

/* Skip zero-sized packets. */
if (__predict_false(pktlen == 0)) {
return;
}

if (pktlen == m->m_len) {
cpfn = (void *)memcpy;
marg = mtod(m, void *);
Expand Down

0 comments on commit 75eea5b

Please sign in to comment.