[Bug 263824] genet(4): Driver interface may overwrite memory in consecutive memory copy operations when parsing TX packet

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 23 May 2022 11:59:48 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263824

--- Comment #7 from commit-hook@FreeBSD.org ---
A commit in branch stable/13 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=7e6e22aab6b993e42328bafe0f64ee14a2b7c43c

commit 7e6e22aab6b993e42328bafe0f64ee14a2b7c43c
Author:     Mike Karels <karels@FreeBSD.org>
AuthorDate: 2022-05-09 12:19:52 +0000
Commit:     Mike Karels <karels@FreeBSD.org>
CommitDate: 2022-05-23 11:53:01 +0000

    genet: fix output packet corruption in uncommon case

    The code for the "shift" block in the COPY macro set the pointer for
    the next copy block to the wrong value.  In this case, the link-layer
    header would be overwritten by the network-layer header.  This case is
    difficult or impossible to exercise in the current driver without
    changing the value of the hw.genet.tx_hdr_min sysctl.  Correct the
    pointer.  While here, remove a line in the macro that was marked
    "unneeded", which was actually wrong.

    PR:             263824
    Submitted by:   jiahali@blackberry.com

    (cherry picked from commit 1de9aa4d4f7938f36e6485dad817908a6e45bb32)

 sys/arm64/broadcom/genet/if_genet.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

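A simplified user-space model of the bug class the commit message describes, added here as an example; it is not the driver's COPY macro or any code from the commit. Two header blocks are staged back to back, and the `advance` flag, function names, buffer size and fill bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14  /* link-layer header, constructed sample size */
#define IP_HDR_LEN  20  /* network-layer header without options */
#define ETH_FILL  0xEE  /* constructed marker bytes, not real headers */
#define IP_FILL   0x45

/* Copy one header block to *cursor inside buf[0..cap). When advance is 0 the
 * cursor for the next block is left at the old position (the modelled bug). */
static int copy_block(uint8_t *buf, size_t cap, uint8_t **cursor,
                      const uint8_t *src, size_t len, int advance)
{
    if ((size_t)(*cursor - buf) + len > cap)
        return -1;              /* refuse to write past the staging buffer */
    memcpy(*cursor, src, len);
    if (advance)
        *cursor += len;         /* next block starts after this one */
    return 0;
}

/* Stage the link-layer header, then the network-layer header, and return how
 * many link-layer bytes are still intact afterwards (a regression check). */
size_t stage_headers(int fixed)
{
    uint8_t eth[ETH_HDR_LEN], ip[IP_HDR_LEN], buf[64] = {0};
    uint8_t *cursor = buf;
    size_t i, intact = 0;

    memset(eth, ETH_FILL, sizeof(eth));
    memset(ip, IP_FILL, sizeof(ip));
    if (copy_block(buf, sizeof(buf), &cursor, eth, sizeof(eth), fixed) != 0 ||
        copy_block(buf, sizeof(buf), &cursor, ip, sizeof(ip), 1) != 0)
        return 0;
    for (i = 0; i < ETH_HDR_LEN; i++)
        intact += (buf[i] == ETH_FILL);
    return intact;
}

int main(void)
{
    printf("stale cursor:    %zu of %d link-layer bytes intact\n",
           stage_headers(0), ETH_HDR_LEN);
    printf("advanced cursor: %zu of %d link-layer bytes intact\n",
           stage_headers(1), ETH_HDR_LEN);
    return 0;
}
```
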