Fix mbuf releated crashes in switch(4). They have been found by
syzkaller as pool corruption panic. It is unclear which bug caused
what, but it should be better now.
- Check M_PKTHDR with assertion before accessing m_pkthdr.
- Do not access oh_length without m_pullup().
- After checking if there is space at the end of the mbuf, don't
overwrite the data at the beginning. Append the new content.
- Do not set m_len and m_pkthdr.len when it is unclear whether
the ofp_error header fits at all. Use m_makespace() to adjust
the mbuf.
Reported-by: syzbot+6efc0a9d5b700b54392e@syzkaller.appspotmail.com
test akoshibe@; OK claudio@
projects / openbsd / commit