| commit | faff5ee2a233ea005d8cf5558dc00f0730a99c5d | |
| author | Sepherosa Ziehau <sephe@dragonflybsd.org> | |
| Wed, 2 Jan 2008 12:30:34 +0000 (2 12:30 +0000) | ||
| committer | Sepherosa Ziehau <sephe@dragonflybsd.org> | |
| Wed, 2 Jan 2008 12:30:34 +0000 (2 12:30 +0000) | ||
| tree | fa7ff6ac941f9dc75a2e215bede2a661c7f33bd3 | treesnapshot (tar.gz zip) |
| parent | 15a280041c8975d126ed4455fff2e854cddfc682 | commitdiff |
Add more sanity checks in bpf_validate():
- BPF programs with no instructions or with more than BPF_MAXINSNS
instructions.
- BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets
(which could be made to fetch or store into arbitrary memory locations).
- BPF_DIV instructions with a constant 0 divisor (that's a check also done
at run time).
Submitted-by: Guy Harris <guy@alum.mit.edu>
Obtained-from:
OpenBSD (with additional comments and modification from the submitter)
- BPF programs with no instructions or with more than BPF_MAXINSNS
instructions.
- BPF_STX and BPF_LDX|BPF_MEM instructions that have out-of-range offsets
(which could be made to fetch or store into arbitrary memory locations).
- BPF_DIV instructions with a constant 0 divisor (that's a check also done
at run time).
Submitted-by: Guy Harris <guy@alum.mit.edu>
Obtained-from:
OpenBSD (with additional comments and modification from the submitter)
| sys/net/bpf.c | diffblobblamehistory | |
| sys/net/bpf_filter.c | diffblobblamehistory |