diff options
author | krw <krw@openbsd.org> | 2017-04-18 13:44:03 +0000 |
---|---|---|
committer | krw <krw@openbsd.org> | 2017-04-18 13:44:03 +0000 |
commit | bb4d9bd72b5c66bd3be98a81dc071f49dd411523 (patch) | |
tree | 786d74b474d08b40920ff26919734826f3f147eb /usr.sbin/dhcpd | |
parent | ensure the buffer cache backs off all the way with the correct type (diff) | |
download | wireguard-openbsd-bb4d9bd72b5c66bd3be98a81dc071f49dd411523.tar.xz wireguard-openbsd-bb4d9bd72b5c66bd3be98a81dc071f49dd411523.zip |
After 11 years of pondering about it I think that brookdavis@freebsd.org
had it correct. Don't BPF_WORDALIGN() the value for the number of
bytes read() into the buffer. This could theoretically cause the
processing of 1 - 3 more bytes than were read.
Diffstat (limited to 'usr.sbin/dhcpd')
-rw-r--r-- | usr.sbin/dhcpd/bpf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.sbin/dhcpd/bpf.c b/usr.sbin/dhcpd/bpf.c index d046681e957..863d5603eec 100644 --- a/usr.sbin/dhcpd/bpf.c +++ b/usr.sbin/dhcpd/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.16 2017/02/13 23:04:05 krw Exp $ */ +/* $OpenBSD: bpf.c,v 1.17 2017/04/18 13:44:03 krw Exp $ */ /* BPF socket interface code, originally contributed by Archie Cobbs. */ @@ -278,13 +278,13 @@ receive_packet(struct interface_info *interface, unsigned char *buf, */ do { /* If the buffer is empty, fill it. */ - if (interface->rbuf_offset == interface->rbuf_len) { + if (interface->rbuf_offset >= interface->rbuf_len) { length = read(interface->rfdesc, interface->rbuf, interface->rbuf_max); if (length <= 0) return (length); interface->rbuf_offset = 0; - interface->rbuf_len = BPF_WORDALIGN(length); + interface->rbuf_len = length; } /* |