From 3b4315d3f6ce29d16d3f8e2c62b2f9c24192c3a8 Mon Sep 17 00:00:00 2001 From: Patrick Mooney Date: Thu, 3 Dec 2015 19:50:54 +0000 Subject: [PATCH] 6735 pfp should allocate appropriate space for sockaddr Reviewed by: Jerry Jelinek Reviewed by: Yuri Pankov Approved by: Hans Rosenfeld --- usr/src/uts/common/inet/sockmods/netpacket/packet.h | 2 +- usr/src/uts/common/inet/sockmods/sockmod_pfp.c | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/usr/src/uts/common/inet/sockmods/netpacket/packet.h b/usr/src/uts/common/inet/sockmods/netpacket/packet.h index bcfecc39df..ba49076ab2 100644 --- a/usr/src/uts/common/inet/sockmods/netpacket/packet.h +++ b/usr/src/uts/common/inet/sockmods/netpacket/packet.h @@ -185,7 +185,7 @@ typedef struct pfpsock { mac_client_promisc_type_t ps_promisc; boolean_t ps_auxdata; struct tpacket_stats ps_stats; - struct sockaddr ps_sock; + struct sockaddr_ll ps_sock; datalink_id_t ps_linkid; kmutex_t ps_lock; boolean_t ps_flow_ctrld; diff --git a/usr/src/uts/common/inet/sockmods/sockmod_pfp.c b/usr/src/uts/common/inet/sockmods/sockmod_pfp.c index b821eec1a7..586d7f06f8 100644 --- a/usr/src/uts/common/inet/sockmods/sockmod_pfp.c +++ b/usr/src/uts/common/inet/sockmods/sockmod_pfp.c @@ -500,7 +500,7 @@ pfp_packet(void *arg, mac_resource_handle_t mrh, mblk_t *mp, boolean_t flag) tunit->SRC_length = sizeof (struct sockaddr); tunit->SRC_offset = sizeof (*tunit); - sol = (struct sockaddr_ll *)&ps->ps_sock; + sol = &ps->ps_sock; sll = (struct sockaddr_ll *)(mp0->b_rptr + sizeof (*tunit)); sll->sll_ifindex = sol->sll_ifindex; sll->sll_hatype = (uint16_t)hdr.mhi_origsap; @@ -578,7 +578,6 @@ pfp_packet(void *arg, mac_resource_handle_t mrh, mblk_t *mp, boolean_t flag) * network interface) into promiscuous mode. It is then up to the application * to turn that down by issuing the relevant ioctls, if desired. */ -/* ARGSUSED */ static int sdpfp_bind(sock_lower_handle_t handle, struct sockaddr *addr, socklen_t addrlen, struct cred *cred) @@ -593,6 +592,9 @@ sdpfp_bind(sock_lower_handle_t handle, struct sockaddr *addr, if (ps->ps_bound) return (EINVAL); + if (addrlen < sizeof (struct sockaddr_ll) || addr == NULL) + return (EINVAL); + addr_ll = (struct sockaddr_ll *)addr; error = pfp_open_index(addr_ll->sll_ifindex, &mh, &mch, cred); @@ -615,7 +617,7 @@ sdpfp_bind(sock_lower_handle_t handle, struct sockaddr *addr, * Cache all of the information from bind so that it's in an easy * place to get at when packets are received. */ - sol = (struct sockaddr_ll *)&ps->ps_sock; + sol = &ps->ps_sock; sol->sll_family = AF_PACKET; sol->sll_ifindex = addr_ll->sll_ifindex; sol->sll_protocol = addr_ll->sll_protocol; @@ -763,7 +765,7 @@ sdpfp_senduio(sock_lower_handle_t handle, struct uio *uiop, ks_stats.kp_send_unbound.value.ui64++; return (EPROTO); } - sol = (struct sockaddr_ll *)&ps->ps_sock; + sol = &ps->ps_sock; } else { /* * Verify the sockaddr_ll message passed down before using @@ -782,7 +784,7 @@ sdpfp_senduio(sock_lower_handle_t handle, struct uio *uiop, return (EAFNOSUPPORT); } - sll = (struct sockaddr_ll *)&ps->ps_sock; + sll = &ps->ps_sock; if (sol->sll_ifindex != sll->sll_ifindex) { error = pfp_open_index(sol->sll_ifindex, &mh, &mch, cred); @@ -1264,8 +1266,7 @@ pfp_setpacket_sockopt(sock_lower_handle_t handle, int option_name, case PACKET_ADD_MEMBERSHIP : switch (mreq.mr_type) { case PACKET_MR_MULTICAST : - if (mreq.mr_alen != - ((struct sockaddr_ll *)&ps->ps_sock)->sll_halen) + if (mreq.mr_alen != ps->ps_sock.sll_halen) return (EINVAL); error = mac_multicast_add(ps->ps_mch, mreq.mr_address); @@ -1284,8 +1285,7 @@ pfp_setpacket_sockopt(sock_lower_handle_t handle, int option_name, case PACKET_DROP_MEMBERSHIP : switch (mreq.mr_type) { case PACKET_MR_MULTICAST : - if (mreq.mr_alen != - ((struct sockaddr_ll *)&ps->ps_sock)->sll_halen) + if (mreq.mr_alen != ps->ps_sock.sll_halen) return (EINVAL); mac_multicast_remove(ps->ps_mch, mreq.mr_address); -- 2.11.4.GIT