Subject: port-alpha/3412: ipfilter crashes netbsd/alpha
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ross@teraflop.com>
List: netbsd-bugs
Date: 03/29/1997 23:47:46
>Number:         3412
>Category:       port-alpha
>Synopsis:       incorrect use of long crashes netbsd/alpha
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Mar 29 23:50:01 1997
>Last-Modified:
>Originator:     Ross Harvey
>Organization:
Avalon Computer Systems, Inc.
>Release:        NetBSD-current
>Environment:
System: NetBSD epsilon.ghs.com 1.2D NetBSD 1.2D (e) #5: Sat Mar 29 22:32:33 PST 1997 ross@epsilon.ghs.com:/bsd/ross/e alpha

>Description:
	Adding "pseudo-device ipfilter 1" to netbsd/alpha will
	cause it to crash when ifconfig turns on the interface.

	Ipfilter code in netinet/fil.c uses pointer arithmetic to
	effectively make structure-to-scalar casts. It uses long when
	it really wants an int32 and gets alignment faults that crash
	netbsd/alpha. General 64 bit problem, not exactly alpha.
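	The following is an added illustration of the offset arithmetic
	described above; it is not code from the bug report or from
	ipfilter. It uses a constructed 20-byte IPv4 header and a stand-in
	struct for the destination, and shows why "((u_long *)ip) + 3"
	lands at byte 24 on an LP64 machine (past the end of the header)
	while a 32-bit word index reaches the source and destination
	addresses at bytes 12 and 16.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 20-byte IPv4 header with no options: source 10.0.0.1 at
 * bytes 12..15, destination 10.0.0.2 at bytes 16..19. Sample data only. */
static const uint8_t sample_ip_header[20] = {
    0x45, 0x00, 0x00, 0x28,   /* version/IHL, TOS, total length 40     */
    0x12, 0x34, 0x40, 0x00,   /* identification, flags (DF), frag off  */
    0x40, 0x06, 0x00, 0x00,   /* TTL 64, protocol 6 (TCP), checksum    */
    0x0a, 0x00, 0x00, 0x01,   /* source address 10.0.0.1               */
    0x0a, 0x00, 0x00, 0x02    /* destination address 10.0.0.2          */
};

#define IP_HDR_LEN 20

/* Byte offset reached by "((T *)ip) + idx" when sizeof(T) == width. */
static size_t word_offset(size_t width, int idx) {
    return width * (size_t)idx;
}

/* 1 if a width-byte access at word index idx stays inside the header. */
static int access_in_header(size_t width, int idx) {
    return word_offset(width, idx) + width <= IP_HDR_LEN;
}

/* Read the 32-bit word at 32-bit index idx byte by byte, so the result
 * does not depend on the alignment of ip or on host byte order. */
static uint32_t read_u32_word(const uint8_t *ip, int idx) {
    const uint8_t *p = ip + word_offset(sizeof(uint32_t), idx);
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical stand-in for the address fields the filter wants to copy;
 * assigning named fields instead of poking words avoids the layout and
 * word-size assumptions entirely. */
struct addr_pair { uint32_t src; uint32_t dst; };

static struct addr_pair extract_addrs(const uint8_t *ip) {
    struct addr_pair p;
    p.src = read_u32_word(ip, 3);   /* byte 12 */
    p.dst = read_u32_word(ip, 4);   /* byte 16 */
    return p;
}

int main(void) {
    struct addr_pair p = extract_addrs(sample_ip_header);
    printf("sizeof(long) here = %zu\n", sizeof(long));
    printf("u_long index 3 -> byte %zu (%s)\n",
           word_offset(sizeof(long), 3),
           access_in_header(sizeof(long), 3) ? "inside header" : "PAST END");
    printf("u_int32_t index 3 -> byte %zu, src = %08x, dst = %08x\n",
           word_offset(sizeof(uint32_t), 3), p.src, p.dst);
    return 0;
}
```

	On an ILP32 machine both forms agree; on LP64 the u_long form
	reads 8 bytes at offset 24 of a 20-byte header, which is the
	out-of-bounds, misaligned access the report describes.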

>How-To-Repeat:
	Add pseudo-device ipfilter 1. Boot your alpha. 2. Try to come
	up multiuser. The first packet or so will halt everything. 

>Fix:
	Apply patch...
--- netinet/original-fil.c	Sat Mar 29 23:28:29 1997
+++ netinet/fil.c	Sat Mar 29 22:31:57 1997
@@ -192,8 +192,8 @@
 	tcp = (tcphdr_t *)((char *)ip + hlen);
 	fin->fin_dp = (void *)tcp;
 	(*(((u_short *)fi) + 1)) = (*(((u_short *)ip) + 4));
-	(*(((u_long *)fi) + 1)) = (*(((u_long *)ip) + 3));
-	(*(((u_long *)fi) + 2)) = (*(((u_long *)ip) + 4));
+	(*(((u_int32_t *)fi) + 1)) = (*(((u_int32_t *)ip) + 3));
+	(*(((u_int32_t *)fi) + 2)) = (*(((u_int32_t *)ip) + 4));
 
 	fi->fi_fl = (hlen > sizeof(struct ip)) ? FI_OPTIONS : 0;
 	off = (ip->ip_off & 0x1fff) << 3;
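Review bot: the u_int32_t replacement on the two changed lines fixes the word width, but the copies still assume that the destination struct's fields sit at 32-bit word indices 1 and 2 and that ip is 4-byte aligned (an unaligned 32-bit load also faults on alpha); assigning the fields directly, as the submitter suggests below, removes both assumptions and documents which header fields are being copied. The unchanged u_short line just above the hunk is unaffected, since u_short is 16 bits on both ILP32 and LP64.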


	If it were me, I wouldn't do the pointer bit banging. I would just
	assign the fields. I don't know if this makes ipfilter work, but it
	fixes the immediate crash. There are lots of other incorrect longs,
	but most appear to just allocate unintended but harmless extra bits.

	I've notified darrenr@cyber.com.au.
>Audit-Trail:
>Unformatted: