The branch main has been updated by donner:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7c7c231c14246a709270bf3f3a4593208e84d01a
commit 7c7c231c14246a709270bf3f3a4593208e84d01a
Author: Lutz Donnerhacke <l...@donnerhacke.de>
AuthorDate: 2021-01-02 13:58:17 +0000
Commit: Lutz Donnerhacke <don...@freebsd.org>
CommitDate: 2021-01-18 12:23:22 +0000
netgraph/ng_tag: permit variable length data
ng_tag(4) operate on arbitrary data of mbuf_tags(9). Those structures
are padded to the next multiple of the alignment by the compiler.
Hence a valid argument has be at most as long as the data received.
PR: 241462
Reviewed by: kp
Approved by: kp (mentor)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D22140
---
sys/netgraph/ng_tag.c | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/sys/netgraph/ng_tag.c b/sys/netgraph/ng_tag.c
index 364a0bd83dc0..d46c463fc53a 100644
--- a/sys/netgraph/ng_tag.c
+++ b/sys/netgraph/ng_tag.c
@@ -363,9 +363,8 @@ ng_tag_rcvmsg(node_p node, item_p item, hook_p lasthook)
hook_p hook;
/* Sanity check. */
- if (msg->header.arglen < sizeof(*hp)
- || msg->header.arglen !=
- NG_TAG_HOOKIN_SIZE(hp->tag_len))
+ if (msg->header.arglen < sizeof(*hp) ||
+ msg->header.arglen <
NG_TAG_HOOKIN_SIZE(hp->tag_len))
ERROUT(EINVAL);
/* Find hook. */
@@ -385,9 +384,8 @@ ng_tag_rcvmsg(node_p node, item_p item, hook_p lasthook)
hook_p hook;
/* Sanity check. */
- if (msg->header.arglen < sizeof(*hp)
- || msg->header.arglen !=
- NG_TAG_HOOKOUT_SIZE(hp->tag_len))
+ if (msg->header.arglen < sizeof(*hp) ||
+ msg->header.arglen <
NG_TAG_HOOKOUT_SIZE(hp->tag_len))
ERROUT(EINVAL);
/* Find hook. */
_______________________________________________
dev-commits-src-main@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/dev-commits-src-main
To unsubscribe, send any mail to "dev-commits-src-main-unsubscr...@freebsd.org"
