NetBSD Problem Report #37663
From martin@duskware.de Wed Jan 2 09:50:25 2008
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id C62D263BD91
for <gnats-bugs@gnats.netbsd.org>; Wed, 2 Jan 2008 09:50:25 +0000 (UTC)
Message-Id: <20080102001755.BFAED63BD91@narn.NetBSD.org>
Date: Wed, 2 Jan 2008 00:17:55 +0000 (UTC)
From: guy@alum.mit.edu
Reply-To: guy@alum.mit.edu
To: netbsd-bugs-owner@NetBSD.org
Subject: bpf_validate rejects valid programs that use the multiply instruction
X-Send-Pr-Version: www-1.0
>Number: 37663
>Category: kern
>Synopsis: bpf_validate rejects valid programs that use the multiply instruction
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 02 09:55:00 +0000 2008
>Closed-Date: Wed Jan 02 15:56:22 +0000 2008
>Last-Modified: Sun Feb 03 00:30:01 +0000 2008
>Originator: Guy Harris
>Release: 4.0
>Organization:
>Environment:
NetBSD gharris-netbsd 4.0 NetBSD 4.0 (GENERIC_LAPTOP) #0: Sun Dec 16 00:27:57 PST 2007 builds@wb34:/home/builds/ab/netbsd-4-0-RELEASE/i386/200712160005Z-obj/home/builds/ab/netbsd-4-0-RELEASE/src/sys/arch/i386/compile/GENERIC_LAPTOP i386
>Description:
bpf_validate(), in sys/net/bpf/bpf_filter.c, doesn't accept the BPF_MUL instruction.
>How-To-Repeat:
Run tcpdump with a filter such as "tcp[0:4]*tcp[4:4] = tcp[8:4]". It shouldn't report an EINVAL from BIOCSETF, but it does.
>Fix:
This patch also cleans up some comments.
*** /tmp/bpf_filter.c Tue Jan 1 14:45:19 2008
--- bpf_filter.c Tue Jan 1 14:46:48 2008
***************
*** 453,461 ****
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
! * code. The code must terminate with either an accept or reject.
! * 'valid' is an array for use by the routine (it must be at least
! * 'len' bytes long).
*
* The kernel needs to be able to verify an application's filter code.
* Otherwise, a bogus program could easily crash the system.
--- 453,462 ----
/*
* Return true if the 'fcode' is a valid filter program.
* The constraints are that each jump be forward and to a valid
! * code, that memory accesses are within valid ranges (to the
! * extent that this can be checked statically; loads of packet
! * data have to be, and are, also checked at run time), and that
! * the code terminates with either an accept or reject.
*
* The kernel needs to be able to verify an application's filter code.
* Otherwise, a bogus program could easily crash the system.
***************
*** 466,472 ****
u_int i, from;
struct bpf_insn *p;
-
if (len < 1 || len > BPF_MAXINSNS)
return 0;
--- 467,472 ----
***************
*** 502,507 ****
--- 502,508 ----
switch (BPF_OP(p->code)) {
case BPF_ADD:
case BPF_SUB:
+ case BPF_MUL:
case BPF_OR:
case BPF_AND:
case BPF_LSH:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: christos@netbsd.org
State-Changed-When: Wed, 02 Jan 2008 10:56:22 -0500
State-Changed-Why:
fixed, thanks
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: PR/37663 CVS commit: src/sys/net
Date: Wed, 2 Jan 2008 15:58:01 +0000 (UTC)
Module Name: src
Committed By: christos
Date: Wed Jan 2 15:58:01 UTC 2008
Modified Files:
src/sys/net: bpf_filter.c
Log Message:
PR/37663: Guy Harris: bpf_validate rejects valid programs that use the multiply instruction
To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 src/sys/net/bpf_filter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/37663 CVS commit: [netbsd-4] src/sys/net
Date: Sun, 3 Feb 2008 00:28:12 +0000 (UTC)
Module Name: src
Committed By: riz
Date: Sun Feb 3 00:28:12 UTC 2008
Modified Files:
src/sys/net [netbsd-4]: bpf_filter.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #1032):
sys/net/bpf_filter.c: revision 1.34
PR/37663: Guy Harris: bpf_validate rejects valid programs that use the
multiply instruction
To generate a diff of this commit:
cvs rdiff -r1.32 -r1.32.2.1 src/sys/net/bpf_filter.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.