Date: Thu, 15 Oct 2009 20:15:29 +0000 (UTC) From: Andrew Thompson <thompsa@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r198153 - head/sys/dev/usb/net Message-ID: <200910152015.n9FKFTEQ083518@svn.freebsd.org>
Author: thompsa Date: Thu Oct 15 20:15:29 2009 New Revision: 198153 URL: http://svn.freebsd.org/changeset/base/198153 Log: Correct offset calcluation for the NCM implementation. Submitted by: HPS Modified: head/sys/dev/usb/net/if_cdce.c Modified: head/sys/dev/usb/net/if_cdce.c ==============================================================================
--- head/sys/dev/usb/net/if_cdce.c Thu Oct 15 20:09:27 2009 (r198152)
+++ head/sys/dev/usb/net/if_cdce.c Thu Oct 15 20:15:29 2009 (r198153)
@@ -1088,7 +1088,7 @@ cdce_ncm_fill_tx_frames(struct usb_xfer
 sc->sc_ncm.hdr.dwSignature[2] = 'M';
 sc->sc_ncm.hdr.dwSignature[3] = 'H';
 USETW(sc->sc_ncm.hdr.wHeaderLength, sizeof(sc->sc_ncm.hdr));
- USETW(sc->sc_ncm.hdr.wBlockLength, offset);
+ USETW(sc->sc_ncm.hdr.wBlockLength, last_offset);
 USETW(sc->sc_ncm.hdr.wSequence, sc->sc_ncm.tx_seq);
 USETW(sc->sc_ncm.hdr.wDptIndex, sizeof(sc->sc_ncm.hdr));
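Review bot: The difference between `offset` and `last_offset` is not explained at the `wBlockLength` store, and both are assigned outside this hunk, so a later reader has nothing to stop them from reverting the fix. A one-line comment above the store, such as `/* block length ends at last_offset; offset has already advanced past it */`, would record the intent, assuming that is the relationship between the two. It may also be worth confirming in the part of cdce_ncm_fill_tx_frames not shown here that `last_offset` cannot exceed the 16-bit range `USETW` writes.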
@@ -1243,25 +1243,24 @@ cdce_ncm_bulk_read_callback(struct usb_x
 offset = UGETW(sc->sc_ncm.dp[x].wFrameIndex);
 temp = UGETW(sc->sc_ncm.dp[x].wFrameLength);
- if ((offset + temp) > actlen) {
- DPRINTFN(1, "invalid frame detected (ignored)\n");
- m = NULL;
- } else if (temp >= sizeof(struct ether_header)) {
- /*
- * allocate a suitable memory buffer, if
- * possible
- */
- if (temp > (MCLBYTES - ETHER_ALIGN)) {
- m = NULL;
- continue;
- } if (temp > (MHLEN - ETHER_ALIGN)) {
- m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
- } else {
- m = m_gethdr(M_DONTWAIT, MT_DATA);
- }
+ if ((offset == 0) ||
+ (temp < sizeof(struct ether_header)) ||
+ (temp > (MCLBYTES - ETHER_ALIGN))) {
+ DPRINTFN(1, "NULL frame detected at %d\n", x);
+ m = NULL;
+ /* silently ignore this frame */
+ continue;
+ } else if ((offset + temp) > actlen) {
+ DPRINTFN(1, "invalid frame "
+ "detected at %d\n", x);
+ m = NULL;
+ /* silently ignore this frame */
+ continue;
+ } else if (temp > (MHLEN - ETHER_ALIGN)) {
+ m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
 } else {
- m = NULL; /* dump it */
+ m = m_gethdr(M_DONTWAIT, MT_DATA);
 }
 DPRINTFN(16, "frame %u, offset = %u, length = %u \n",
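Review bot: The first branch logs "NULL frame detected" for three different conditions, so a runt (`temp < sizeof(struct ether_header)`) or oversized (`temp > (MCLBYTES - ETHER_ALIGN)`) length is indistinguishable in the debug output from a zero-index entry. Because `offset` and `temp` are read straight from the device-supplied pointer table, that distinction matters when diagnosing a misbehaving device. Keeping the NULL message for `offset == 0` only and logging the length cases with `DPRINTFN(1, "bad frame length %u at %d\n", temp, x);` would separate them. If the NCM pointer table is terminated by a zero entry, as I believe it is, it is also worth confirming that `continue` rather than `break` is intended for `offset == 0`. The `m = NULL;` stores before each `continue` look redundant unless `m` is read after the loop, which lies outside this hunk.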