From: Samuel J. Greear
Date: Thu, 9 Sep 2010 01:12:31 +0000 (+0000)
Subject: userland - dhclient - Fix possible infinite loop
X-Git-Tag: v2.9.0~259
X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/db2a08265dc67538d417f14ccdc9fdef6fb0d60b?hp=cffbd125c09076b18595db53d8de479b18beccb7

userland - dhclient - Fix possible infinite loop

FreeBSD commit message:

It is possible for bpf to return a length such that:

    length != BPF_WORDALIGN(length)

This means that it is possible for this to be true:

    interface->rbuf_offset > interface->rbuf_len

Handle this case in the test for running out of packets. While OpenBSD's solution of setting interface->rbuf_len to BPF_WORDALIGN(length) is safe due to the size of the buffer, I think this solution results in less hidden assumptions.

This should fix the problem of dhclient running away and consuming 100% CPU.

PR: bin/102226
Submitted by: Joost Bekkers
Reported-by: Many
Obtained-from: FreeBSD
---
diff --git a/sbin/dhclient/bpf.c b/sbin/dhclient/bpf.c index 757f58e5f7..85aa3f0b92 100644 --- a/sbin/dhclient/bpf.c +++ b/sbin/dhclient/bpf.c @@ -323,7 +323,7 @@ receive_packet(struct sockaddr_in *from, struct hardware *hfrom) */ do { /* If the buffer is empty, fill it. */ - if (ifi->rbuf_offset == ifi->rbuf_len) { + if (ifi->rbuf_offset >= ifi->rbuf_len) { length = read(ifi->rfdesc, ifi->rbuf, ifi->rbuf_max); if (length <= 0) return (length);
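
Review bot: the comment over the changed test in receive_packet(), "If the buffer is empty, fill it.", no longer matches the condition, because `ifi->rbuf_offset >= ifi->rbuf_len` now also covers an offset that has run past the end of the data. The commit message gives the reason (bpf can return a length for which length != BPF_WORDALIGN(length)), and that reason belongs in the comment as well, so a later cleanup does not turn the test back into `==`. The context shown ends at `return (length);`, so it is also worth confirming that the lines after the read reset rbuf_offset before the loop continues.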