source-git / libpcap

Clone
Source Code
GIT

Blame bpf_filter.c

c8 c8s master
  1.   a9f62de8d70fbcf22339eb345f27259751af891a
  2.   bpf_filter.c
Blob History Raw
Packit 209cc3 
/*-
Packit 209cc3 
 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
Packit 209cc3 
 *	The Regents of the University of California.  All rights reserved.
Packit 209cc3 
 *
Packit 209cc3 
 * This code is derived from the Stanford/CMU enet packet filter,
Packit 209cc3 
 * (net/enet.c) distributed as part of 4.3BSD, and code contributed
Packit 209cc3 
 * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence
Packit 209cc3 
 * Berkeley Laboratory.
Packit 209cc3 
 *
Packit 209cc3 
 * Redistribution and use in source and binary forms, with or without
Packit 209cc3 
 * modification, are permitted provided that the following conditions
Packit 209cc3 
 * are met:
Packit 209cc3 
 * 1. Redistributions of source code must retain the above copyright
Packit 209cc3 
 *    notice, this list of conditions and the following disclaimer.
Packit 209cc3 
 * 2. Redistributions in binary form must reproduce the above copyright
Packit 209cc3 
 *    notice, this list of conditions and the following disclaimer in the
Packit 209cc3 
 *    documentation and/or other materials provided with the distribution.
Packit 209cc3 
 * 3. All advertising materials mentioning features or use of this software
Packit 209cc3 
 *    must display the following acknowledgement:
Packit 209cc3 
 *	This product includes software developed by the University of
Packit 209cc3 
 *	California, Berkeley and its contributors.
Packit 209cc3 
 * 4. Neither the name of the University nor the names of its contributors
Packit 209cc3 
 *    may be used to endorse or promote products derived from this software
Packit 209cc3 
 *    without specific prior written permission.
Packit 209cc3 
 *
Packit 209cc3 
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
Packit 209cc3 
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
Packit 209cc3 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
Packit 209cc3 
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
Packit 209cc3 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
Packit 209cc3 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
Packit 209cc3 
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
Packit 209cc3 
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
Packit 209cc3 
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
Packit 209cc3 
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
Packit 209cc3 
 * SUCH DAMAGE.
Packit 209cc3 
 *
Packit 209cc3 
 *	@(#)bpf.c	7.5 (Berkeley) 7/15/91
Packit 209cc3 
 */
Packit 209cc3
Packit 209cc3 
#ifdef HAVE_CONFIG_H
Packit 209cc3 
#include <config.h>
Packit 209cc3 
#endif
Packit 209cc3
Packit 209cc3 
#include <pcap/pcap-inttypes.h>
Packit 209cc3 
#include "pcap-types.h"
Packit 209cc3
Packit 209cc3 
#ifndef _WIN32
Packit 209cc3 
#include <sys/param.h>
Packit 209cc3 
#include <sys/types.h>
Packit 209cc3 
#include <sys/time.h>
Packit 209cc3 
#endif /* _WIN32 */
Packit 209cc3
Packit 209cc3 
#include <pcap-int.h>
Packit 209cc3
Packit 209cc3 
#include <stdlib.h>
Packit 209cc3
Packit 209cc3 
#define int32 bpf_int32
Packit 209cc3 
#define u_int32 bpf_u_int32
Packit 209cc3
Packit 209cc3 
#ifndef LBL_ALIGN
Packit 209cc3 
/*
Packit 209cc3 
 * XXX - IA-64?  If not, this probably won't work on Win64 IA-64
Packit 209cc3 
 * systems, unless LBL_ALIGN is defined elsewhere for them.
Packit 209cc3 
 * XXX - SuperH?  If not, this probably won't work on WinCE SuperH
Packit 209cc3 
 * systems, unless LBL_ALIGN is defined elsewhere for them.
Packit 209cc3 
 */
Packit 209cc3 
#if defined(sparc) || defined(__sparc__) || defined(mips) || \
Packit 209cc3 
    defined(ibm032) || defined(__alpha) || defined(__hpux) || \
Packit 209cc3 
    defined(__arm__)
Packit 209cc3 
#define LBL_ALIGN
Packit 209cc3 
#endif
Packit 209cc3 
#endif
Packit 209cc3
Packit 209cc3 
#ifndef LBL_ALIGN
Packit 209cc3 
#ifndef _WIN32
Packit 209cc3 
#include <netinet/in.h>
Packit 209cc3 
#endif
Packit 209cc3
Packit 209cc3 
#define EXTRACT_SHORT(p)	((u_short)ntohs(*(u_short *)p))
Packit 209cc3 
#define EXTRACT_LONG(p)		(ntohl(*(u_int32 *)p))
Packit 209cc3 
#else
Packit 209cc3 
#define EXTRACT_SHORT(p)\
Packit 209cc3 
	((u_short)\
Packit 209cc3 
		((u_short)*((u_char *)p+0)<<8|\
Packit 209cc3 
		 (u_short)*((u_char *)p+1)<<0))
Packit 209cc3 
#define EXTRACT_LONG(p)\
Packit 209cc3 
		((u_int32)*((u_char *)p+0)<<24|\
Packit 209cc3 
		 (u_int32)*((u_char *)p+1)<<16|\
Packit 209cc3 
		 (u_int32)*((u_char *)p+2)<<8|\
Packit 209cc3 
		 (u_int32)*((u_char *)p+3)<<0)
Packit 209cc3 
#endif
Packit 209cc3
Packit 209cc3 
#ifdef __linux__
Packit 209cc3 
#include <linux/types.h>
Packit 209cc3 
#include <linux/if_packet.h>
Packit 209cc3 
#include <linux/filter.h>
Packit 209cc3 
#endif
Packit 209cc3
Packit 209cc3 
enum {
Packit 209cc3 
        BPF_S_ANC_NONE,
Packit 209cc3 
        BPF_S_ANC_VLAN_TAG,
Packit 209cc3 
        BPF_S_ANC_VLAN_TAG_PRESENT,
Packit 209cc3 
};
Packit 209cc3
Packit 209cc3 
/*
Packit 209cc3 
 * Execute the filter program starting at pc on the packet p
Packit 209cc3 
 * wirelen is the length of the original packet
Packit 209cc3 
 * buflen is the amount of data present
Packit 209cc3 
 * aux_data is auxiliary data, currently used only when interpreting
Packit 209cc3 
 * filters intended for the Linux kernel in cases where the kernel
Packit 209cc3 
 * rejects the filter; it contains VLAN tag information
Packit 209cc3 
 * For the kernel, p is assumed to be a pointer to an mbuf if buflen is 0,
Packit 209cc3 
 * in all other cases, p is a pointer to a buffer and buflen is its size.
Packit 209cc3 
 *
Packit 209cc3 
 * Thanks to Ani Sinha <ani@arista.com> for providing initial implementation
Packit 209cc3 
 */
Packit 209cc3 
u_int
Packit 209cc3 
bpf_filter_with_aux_data(const struct bpf_insn *pc, const u_char *p,
Packit 209cc3 
    u_int wirelen, u_int buflen, const struct bpf_aux_data *aux_data)
Packit 209cc3 
{
Packit 209cc3 
	register u_int32 A, X;
Packit 209cc3 
	register bpf_u_int32 k;
Packit 209cc3 
	u_int32 mem[BPF_MEMWORDS];
Packit 209cc3
Packit 209cc3 
	if (pc == 0)
Packit 209cc3 
		/*
Packit 209cc3 
		 * No filter means accept all.
Packit 209cc3 
		 */
Packit 209cc3 
		return (u_int)-1;
Packit 209cc3 
	A = 0;
Packit 209cc3 
	X = 0;
Packit 209cc3 
	--pc;
Packit 209cc3 
	for (;;) {
Packit 209cc3 
		++pc;
Packit 209cc3 
		switch (pc->code) {
Packit 209cc3
Packit 209cc3 
		default:
Packit 209cc3 
			abort();
Packit 209cc3 
		case BPF_RET|BPF_K:
Packit 209cc3 
			return (u_int)pc->k;
Packit 209cc3
Packit 209cc3 
		case BPF_RET|BPF_A:
Packit 209cc3 
			return (u_int)A;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_W|BPF_ABS:
Packit 209cc3 
			k = pc->k;
Packit 209cc3 
			if (k > buflen || sizeof(int32_t) > buflen - k) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			A = EXTRACT_LONG(&p[k]);
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_H|BPF_ABS:
Packit 209cc3 
			k = pc->k;
Packit 209cc3 
			if (k > buflen || sizeof(int16_t) > buflen - k) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			A = EXTRACT_SHORT(&p[k]);
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_B|BPF_ABS:
Packit 209cc3 
			switch (pc->k) {
Packit 209cc3
Packit 209cc3 
#if defined(SKF_AD_VLAN_TAG_PRESENT)
Packit 209cc3 
			case SKF_AD_OFF + SKF_AD_VLAN_TAG:
Packit 209cc3 
				if (!aux_data)
Packit 209cc3 
					return 0;
Packit 209cc3 
				A = aux_data->vlan_tag;
Packit 209cc3 
				break;
Packit 209cc3
Packit 209cc3 
			case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT:
Packit 209cc3 
				if (!aux_data)
Packit 209cc3 
					return 0;
Packit 209cc3 
				A = aux_data->vlan_tag_present;
Packit 209cc3 
				break;
Packit 209cc3 
#endif
Packit 209cc3 
			default:
Packit 209cc3 
				k = pc->k;
Packit 209cc3 
				if (k >= buflen) {
Packit 209cc3 
					return 0;
Packit 209cc3 
				}
Packit 209cc3 
				A = p[k];
Packit 209cc3 
				break;
Packit 209cc3 
			}
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_W|BPF_LEN:
Packit 209cc3 
			A = wirelen;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LDX|BPF_W|BPF_LEN:
Packit 209cc3 
			X = wirelen;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_W|BPF_IND:
Packit 209cc3 
			k = X + pc->k;
Packit 209cc3 
			if (pc->k > buflen || X > buflen - pc->k ||
Packit 209cc3 
			    sizeof(int32_t) > buflen - k) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			A = EXTRACT_LONG(&p[k]);
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_H|BPF_IND:
Packit 209cc3 
			k = X + pc->k;
Packit 209cc3 
			if (X > buflen || pc->k > buflen - X ||
Packit 209cc3 
			    sizeof(int16_t) > buflen - k) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			A = EXTRACT_SHORT(&p[k]);
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_B|BPF_IND:
Packit 209cc3 
			k = X + pc->k;
Packit 209cc3 
			if (pc->k >= buflen || X >= buflen - pc->k) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			A = p[k];
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LDX|BPF_MSH|BPF_B:
Packit 209cc3 
			k = pc->k;
Packit 209cc3 
			if (k >= buflen) {
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			X = (p[pc->k] & 0xf) << 2;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_IMM:
Packit 209cc3 
			A = pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LDX|BPF_IMM:
Packit 209cc3 
			X = pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LD|BPF_MEM:
Packit 209cc3 
			A = mem[pc->k];
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_LDX|BPF_MEM:
Packit 209cc3 
			X = mem[pc->k];
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ST:
Packit 209cc3 
			mem[pc->k] = A;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_STX:
Packit 209cc3 
			mem[pc->k] = X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JA:
Packit 209cc3 
			/*
Packit 209cc3 
			 * XXX - we currently implement "ip6 protochain"
Packit 209cc3 
			 * with backward jumps, so sign-extend pc->k.
Packit 209cc3 
			 */
Packit 209cc3 
			pc += (bpf_int32)pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JGT|BPF_K:
Packit 209cc3 
			pc += (A > pc->k) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JGE|BPF_K:
Packit 209cc3 
			pc += (A >= pc->k) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JEQ|BPF_K:
Packit 209cc3 
			pc += (A == pc->k) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JSET|BPF_K:
Packit 209cc3 
			pc += (A & pc->k) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JGT|BPF_X:
Packit 209cc3 
			pc += (A > X) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JGE|BPF_X:
Packit 209cc3 
			pc += (A >= X) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JEQ|BPF_X:
Packit 209cc3 
			pc += (A == X) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_JMP|BPF_JSET|BPF_X:
Packit 209cc3 
			pc += (A & X) ? pc->jt : pc->jf;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_ADD|BPF_X:
Packit 209cc3 
			A += X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_SUB|BPF_X:
Packit 209cc3 
			A -= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_MUL|BPF_X:
Packit 209cc3 
			A *= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_DIV|BPF_X:
Packit 209cc3 
			if (X == 0)
Packit 209cc3 
				return 0;
Packit 209cc3 
			A /= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_MOD|BPF_X:
Packit 209cc3 
			if (X == 0)
Packit 209cc3 
				return 0;
Packit 209cc3 
			A %= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_AND|BPF_X:
Packit 209cc3 
			A &= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_OR|BPF_X:
Packit 209cc3 
			A |= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_XOR|BPF_X:
Packit 209cc3 
			A ^= X;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_LSH|BPF_X:
Packit 209cc3 
			if (X < 32)
Packit 209cc3 
				A <<= X;
Packit 209cc3 
			else
Packit 209cc3 
				A = 0;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_RSH|BPF_X:
Packit 209cc3 
			if (X < 32)
Packit 209cc3 
				A >>= X;
Packit 209cc3 
			else
Packit 209cc3 
				A = 0;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_ADD|BPF_K:
Packit 209cc3 
			A += pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_SUB|BPF_K:
Packit 209cc3 
			A -= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_MUL|BPF_K:
Packit 209cc3 
			A *= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_DIV|BPF_K:
Packit 209cc3 
			A /= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_MOD|BPF_K:
Packit 209cc3 
			A %= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_AND|BPF_K:
Packit 209cc3 
			A &= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_OR|BPF_K:
Packit 209cc3 
			A |= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_XOR|BPF_K:
Packit 209cc3 
			A ^= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_LSH|BPF_K:
Packit 209cc3 
			A <<= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_RSH|BPF_K:
Packit 209cc3 
			A >>= pc->k;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_ALU|BPF_NEG:
Packit 209cc3 
			/*
Packit 209cc3 
			 * Most BPF arithmetic is unsigned, but negation
Packit 209cc3 
			 * can't be unsigned; respecify it as subtracting
Packit 209cc3 
			 * the accumulator from 0U, so that 1) we don't
Packit 209cc3 
			 * get compiler warnings about negating an unsigned
Packit 209cc3 
			 * value and 2) don't get UBSan warnings about
Packit 209cc3 
			 * the result of negating 0x80000000 being undefined.
Packit 209cc3 
			 */
Packit 209cc3 
			A = (0U - A);
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_MISC|BPF_TAX:
Packit 209cc3 
			X = A;
Packit 209cc3 
			continue;
Packit 209cc3
Packit 209cc3 
		case BPF_MISC|BPF_TXA:
Packit 209cc3 
			A = X;
Packit 209cc3 
			continue;
Packit 209cc3 
		}
Packit 209cc3 
	}
Packit 209cc3 
}
Packit 209cc3
Packit 209cc3 
u_int
Packit 209cc3 
bpf_filter(const struct bpf_insn *pc, const u_char *p, u_int wirelen,
Packit 209cc3 
    u_int buflen)
Packit 209cc3 
{
Packit 209cc3 
	return bpf_filter_with_aux_data(pc, p, wirelen, buflen, NULL);
Packit 209cc3 
}
Packit 209cc3
Packit 209cc3
Packit 209cc3 
/*
Packit 209cc3 
 * Return true if the 'fcode' is a valid filter program.
Packit 209cc3 
 * The constraints are that each jump be forward and to a valid
Packit 209cc3 
 * code, that memory accesses are within valid ranges (to the
Packit 209cc3 
 * extent that this can be checked statically; loads of packet
Packit 209cc3 
 * data have to be, and are, also checked at run time), and that
Packit 209cc3 
 * the code terminates with either an accept or reject.
Packit 209cc3 
 *
Packit 209cc3 
 * The kernel needs to be able to verify an application's filter code.
Packit 209cc3 
 * Otherwise, a bogus program could easily crash the system.
Packit 209cc3 
 */
Packit 209cc3 
int
Packit 209cc3 
bpf_validate(const struct bpf_insn *f, int len)
Packit 209cc3 
{
Packit 209cc3 
	u_int i, from;
Packit 209cc3 
	const struct bpf_insn *p;
Packit 209cc3
Packit 209cc3 
	if (len < 1)
Packit 209cc3 
		return 0;
Packit 209cc3
Packit 209cc3 
	for (i = 0; i < (u_int)len; ++i) {
Packit 209cc3 
		p = &f[i];
Packit 209cc3 
		switch (BPF_CLASS(p->code)) {
Packit 209cc3 
		/*
Packit 209cc3 
		 * Check that memory operations use valid addresses.
Packit 209cc3 
		 */
Packit 209cc3 
		case BPF_LD:
Packit 209cc3 
		case BPF_LDX:
Packit 209cc3 
			switch (BPF_MODE(p->code)) {
Packit 209cc3 
			case BPF_IMM:
Packit 209cc3 
				break;
Packit 209cc3 
			case BPF_ABS:
Packit 209cc3 
			case BPF_IND:
Packit 209cc3 
			case BPF_MSH:
Packit 209cc3 
				/*
Packit 209cc3 
				 * There's no maximum packet data size
Packit 209cc3 
				 * in userland.  The runtime packet length
Packit 209cc3 
				 * check suffices.
Packit 209cc3 
				 */
Packit 209cc3 
				break;
Packit 209cc3 
			case BPF_MEM:
Packit 209cc3 
				if (p->k >= BPF_MEMWORDS)
Packit 209cc3 
					return 0;
Packit 209cc3 
				break;
Packit 209cc3 
			case BPF_LEN:
Packit 209cc3 
				break;
Packit 209cc3 
			default:
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			break;
Packit 209cc3 
		case BPF_ST:
Packit 209cc3 
		case BPF_STX:
Packit 209cc3 
			if (p->k >= BPF_MEMWORDS)
Packit 209cc3 
				return 0;
Packit 209cc3 
			break;
Packit 209cc3 
		case BPF_ALU:
Packit 209cc3 
			switch (BPF_OP(p->code)) {
Packit 209cc3 
			case BPF_ADD:
Packit 209cc3 
			case BPF_SUB:
Packit 209cc3 
			case BPF_MUL:
Packit 209cc3 
			case BPF_OR:
Packit 209cc3 
			case BPF_AND:
Packit 209cc3 
			case BPF_XOR:
Packit 209cc3 
			case BPF_LSH:
Packit 209cc3 
			case BPF_RSH:
Packit 209cc3 
			case BPF_NEG:
Packit 209cc3 
				break;
Packit 209cc3 
			case BPF_DIV:
Packit 209cc3 
			case BPF_MOD:
Packit 209cc3 
				/*
Packit 209cc3 
				 * Check for constant division or modulus
Packit 209cc3 
				 * by 0.
Packit 209cc3 
				 */
Packit 209cc3 
				if (BPF_SRC(p->code) == BPF_K && p->k == 0)
Packit 209cc3 
					return 0;
Packit 209cc3 
				break;
Packit 209cc3 
			default:
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			break;
Packit 209cc3 
		case BPF_JMP:
Packit 209cc3 
			/*
Packit 209cc3 
			 * Check that jumps are within the code block,
Packit 209cc3 
			 * and that unconditional branches don't go
Packit 209cc3 
			 * backwards as a result of an overflow.
Packit 209cc3 
			 * Unconditional branches have a 32-bit offset,
Packit 209cc3 
			 * so they could overflow; we check to make
Packit 209cc3 
			 * sure they don't.  Conditional branches have
Packit 209cc3 
			 * an 8-bit offset, and the from address is <=
Packit 209cc3 
			 * BPF_MAXINSNS, and we assume that BPF_MAXINSNS
Packit 209cc3 
			 * is sufficiently small that adding 255 to it
Packit 209cc3 
			 * won't overflow.
Packit 209cc3 
			 *
Packit 209cc3 
			 * We know that len is <= BPF_MAXINSNS, and we
Packit 209cc3 
			 * assume that BPF_MAXINSNS is < the maximum size
Packit 209cc3 
			 * of a u_int, so that i + 1 doesn't overflow.
Packit 209cc3 
			 *
Packit 209cc3 
			 * For userland, we don't know that the from
Packit 209cc3 
			 * or len are <= BPF_MAXINSNS, but we know that
Packit 209cc3 
			 * from <= len, and, except on a 64-bit system,
Packit 209cc3 
			 * it's unlikely that len, if it truly reflects
Packit 209cc3 
			 * the size of the program we've been handed,
Packit 209cc3 
			 * will be anywhere near the maximum size of
Packit 209cc3 
			 * a u_int.  We also don't check for backward
Packit 209cc3 
			 * branches, as we currently support them in
Packit 209cc3 
			 * userland for the protochain operation.
Packit 209cc3 
			 */
Packit 209cc3 
			from = i + 1;
Packit 209cc3 
			switch (BPF_OP(p->code)) {
Packit 209cc3 
			case BPF_JA:
Packit 209cc3 
				if (from + p->k >= (u_int)len)
Packit 209cc3 
					return 0;
Packit 209cc3 
				break;
Packit 209cc3 
			case BPF_JEQ:
Packit 209cc3 
			case BPF_JGT:
Packit 209cc3 
			case BPF_JGE:
Packit 209cc3 
			case BPF_JSET:
Packit 209cc3 
				if (from + p->jt >= (u_int)len || from + p->jf >= (u_int)len)
Packit 209cc3 
					return 0;
Packit 209cc3 
				break;
Packit 209cc3 
			default:
Packit 209cc3 
				return 0;
Packit 209cc3 
			}
Packit 209cc3 
			break;
Packit 209cc3 
		case BPF_RET:
Packit 209cc3 
			break;
Packit 209cc3 
		case BPF_MISC:
Packit 209cc3 
			break;
Packit 209cc3 
		default:
Packit 209cc3 
			return 0;
Packit 209cc3 
		}
Packit 209cc3 
	}
Packit 209cc3 
	return BPF_CLASS(f[len - 1].code) == BPF_RET;
Packit 209cc3 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation