[src/trunk]: src/sys/dist/pf/net pull following fixes from openbsd. ok'ed by...

[yamt <yamt%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c5316cf03ae8
branches:  trunk
changeset: 569847:c5316cf03ae8
user:      yamt <yamt%NetBSD.org@localhost>
date:      Thu Sep 09 14:56:00 2004 +0000

description:
pull following fixes from openbsd.  ok'ed by itojun.

> ----------------------------
> revision 1.58
> date: 2004/06/23 04:34:17;  author: mcbride;  state: Exp;  lines: +5 -3
> pfr_commit_ktable calls functions that can result in the current
> ktable being destroyed, which makes it unsafe in a SLIST_FOREACH.
>
> Fix from Chris Pascoe
> ----------------------------
> revision 1.56
> date: 2004/06/11 05:21:20;  author: mcbride;  state: Exp;  lines: +5 -3
> Eliminate a dereference after pool_put when an inactive/no-longer referenced
> table is destroyed in pfr_setflags_ktable.
>
> Fix from Chris Pascoe
> ----------------------------

diffstat:

 sys/dist/pf/net/pf_table.c |  14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diffs (45 lines):

diff -r 026975544ac4 -r c5316cf03ae8 sys/dist/pf/net/pf_table.c
--- a/sys/dist/pf/net/pf_table.c        Thu Sep 09 10:45:52 2004 +0000
+++ b/sys/dist/pf/net/pf_table.c        Thu Sep 09 14:56:00 2004 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: pf_table.c,v 1.3 2004/06/29 04:42:55 itojun Exp $      */
+/*     $NetBSD: pf_table.c,v 1.4 2004/09/09 14:56:00 yamt Exp $        */
 /*     $OpenBSD: pf_table.c,v 1.47 2004/03/09 21:44:41 mcbride Exp $   */
 
 /*
@@ -1550,7 +1550,7 @@
 pfr_ina_commit(struct pfr_table *trs, u_int32_t ticket, int *nadd,
     int *nchange, int flags)
 {
-       struct pfr_ktable       *p;
+       struct pfr_ktable       *p, *q;
        struct pfr_ktableworkq   workq;
        struct pf_ruleset       *rs;
        int                      s = 0, xadd = 0, xchange = 0;
@@ -1576,8 +1576,10 @@
        if (!(flags & PFR_FLAG_DUMMY)) {
                if (flags & PFR_FLAG_ATOMIC)
                        s = splsoftnet();
-               SLIST_FOREACH(p, &workq, pfrkt_workq)
+               for (p = SLIST_FIRST(&workq); p != NULL; p = q) {
+                       q = SLIST_NEXT(p, pfrkt_workq);
                        pfr_commit_ktable(p, tzero);
+               }
                if (flags & PFR_FLAG_ATOMIC)
                        splx(s);
                rs->topen = 0;
@@ -1728,10 +1730,12 @@
 void
 pfr_setflags_ktables(struct pfr_ktableworkq *workq)
 {
-       struct pfr_ktable       *p;
+       struct pfr_ktable       *p, *q;
 
-       SLIST_FOREACH(p, workq, pfrkt_workq)
+       for (p = SLIST_FIRST(workq); p; p = q) {
+               q = SLIST_NEXT(p, pfrkt_workq);
                pfr_setflags_ktable(p, p->pfrkt_nflags);
+       }
 }
 
 void