[Bug 263824] genet(4): Driver interface may overwrite memory in a consecutive memory copy operations when parsing TX packet
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 23 May 2022 11:59:48 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263824 --- Comment #7 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=7e6e22aab6b993e42328bafe0f64ee14a2b7c43c commit 7e6e22aab6b993e42328bafe0f64ee14a2b7c43c Author: Mike Karels <karels@FreeBSD.org> AuthorDate: 2022-05-09 12:19:52 +0000 Commit: Mike Karels <karels@FreeBSD.org> CommitDate: 2022-05-23 11:53:01 +0000 genet: fix output packet corruption in uncommon case The code for the "shift" block in the COPY macro set the pointer for the next copy block to the wrong value. In this case, the link-layer header would be overwritten by the network-layer header. This case is difficult or impossible to exercise in the current driver without changing the value of the hw.genet.tx_hdr_min sysctl. Correct the pointer. While here, remove a line in the macro that was marked "unneeded", which was actually wrong. PR: 263824 Submitted by: jiahali@blackberry.com (cherry picked from commit 1de9aa4d4f7938f36e6485dad817908a6e45bb32) sys/arm64/broadcom/genet/if_genet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- You are receiving this mail because: You are on the CC list for the bug.