kern/89752: [bpf] [patch] bpf_validate() needs to do more checks
Jung-uk Kim
jkim at FreeBSD.org
Wed Dec 7 15:40:10 PST 2005
The following reply was made to PR kern/89752; it has been noted by GNATS.
From: Jung-uk Kim <jkim at FreeBSD.org>
To: Guy Harris <guy at alum.mit.edu>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/89752: [bpf] [patch] bpf_validate() needs to do more checks
Date: Wed, 7 Dec 2005 18:37:59 -0500
On Wednesday 07 December 2005 06:11 pm, Guy Harris wrote:
> On Dec 7, 2005, at 2:32 PM, Jung-uk Kim wrote:
> > It looks good but `bpf_maxbufsize' may be unavailable to other
> > consumers such as ng_bpf(4) and it doesn't make sense to them.
>
> Then that check can probably be removed - OpenBSD's consumers might
> all use bpf_maxbufsize, so it was OK for them, and it's just an
> optimization anyway (as the comment says, a "More strict check with
> actual packet length is done runtime").
I found another problem. BPF_MAXINSNS is tunable in FreeBSD and it is
not available to use for others. If we remove the check also,
there's no difference from the previous implementation. :-(
> (BTW, this was from OpenBSD; if you check it in, say it's from Otto
> Moerbeek's changes to OpenBSD, do *NOT* give me direct credit for
> it!)
Thanks for letting us know.
Jung-uk Kim
More information about the freebsd-bugs
mailing list