From d0c5714da1fdf4293227869eb8c006365705d394 Mon Sep 17 00:00:00 2001 From: luigi Date: Thu, 8 Feb 2001 22:21:30 +0000 Subject: [PATCH] Make sure that we do not accept packets shorter than a full ethernet header, or we would have a negative length passed to ether_input(). --- sys/dev/ed/if_ed.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sys/dev/ed/if_ed.c b/sys/dev/ed/if_ed.c index 2c0967c7473..1d877cbfb4a 100644 --- a/sys/dev/ed/if_ed.c +++ b/sys/dev/ed/if_ed.c @@ -2174,8 +2174,10 @@ ed_rint(sc) * we have a length that will fit into one mbuf cluster or less; * the upper layer protocols can then figure out the length from * their own length field(s). + * But make sure that we have at least a full ethernet header + * or we would be unable to call ether_input() later. */ - if ((len > sizeof(struct ed_ring)) && + if ((len > sizeof(struct ed_ring) + ETHER_HDR_LEN) && (len <= MCLBYTES) && (packet_hdr.next_packet >= sc->rec_page_start) && (packet_hdr.next_packet < sc->rec_page_stop)) { -- 2.45.2