diff options
| author |   dlg <dlg@openbsd.org> | 2016-02-05 13:17:37 +0000 |
|---|---|---|
| committer | dlg <dlg@openbsd.org> | 2016-02-05 13:17:37 +0000 |
| commit | 3e8337df896f84d77115221a4d5ddd4714aa37ce (patch) | |
| tree | 44527de14d1cd80f7d698095da0fbe12340d8abc | |
| parent | Sort includes. (diff) | |
| download | wireguard-openbsd-3e8337df896f84d77115221a4d5ddd4714aa37ce.tar.xz wireguard-openbsd-3e8337df896f84d77115221a4d5ddd4714aa37ce.zip | |
return if the bpf_if passed to bpf_tap and _bpf_mtap are NULL.
this works around a toctou bug in a very common idiom in our tree,
in between the two lines below:
if (ifp->if_bpf)
bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT);
figured out by and diff from haesbart
| -rw-r--r-- | sys/net/bpf.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sys/net/bpf.c b/sys/net/bpf.c index 167c5fe86c8..9dc0f4b59e8 100644 --- a/sys/net/bpf.c +++ b/sys/net/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.132 2016/01/07 05:31:17 guenther Exp $ */ +/* $OpenBSD: bpf.c,v 1.133 2016/02/05 13:17:37 dlg Exp $ */ /* $NetBSD: bpf.c,v 1.33 1997/02/21 23:59:35 thorpej Exp $ */ /* @@ -1144,6 +1144,9 @@ bpf_tap(caddr_t arg, u_char *pkt, u_int pktlen, u_int direction) struct timeval tv; int drop = 0, gottime = 0; + if (bp == NULL) + return (0); + SRPL_FOREACH(d, &bp->bif_dlist, &i, bd_next) { atomic_inc_long(&d->bd_rcount); @@ -1225,6 +1228,9 @@ _bpf_mtap(caddr_t arg, struct mbuf *m, u_int direction, if (cpfn == NULL) cpfn = bpf_mcopy; + if (bp == NULL) + return; + pktlen = 0; for (m0 = m; m0 != NULL; m0 = m0->m_next) pktlen += m0->m_len; |