Source-Changes-HG archive


[src/netbsd-8]: src/sys/external/bsd/ipf/netinet Pull up following revision(s...



details:   https://anonhg.NetBSD.org/src/rev/2f8383169121
branches:  netbsd-8
changeset: 434389:2f8383169121
user:      snj <snj%NetBSD.org@localhost>
date:      Fri Nov 17 20:20:22 2017 +0000

description:
Pull up following revision(s) (requested by sborrill in ticket #352):
        sys/external/bsd/ipf/netinet/ip_state.c: 1.9-1.10
When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.
--
put back the cast.

diffstat:

 sys/external/bsd/ipf/netinet/ip_state.c |  65 ++++++++++++++++++++++----------
 1 files changed, 45 insertions(+), 20 deletions(-)

diffs (117 lines):

diff -r 0947b2c94a0a -r 2f8383169121 sys/external/bsd/ipf/netinet/ip_state.c
--- a/sys/external/bsd/ipf/netinet/ip_state.c   Fri Nov 17 15:08:35 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_state.c   Fri Nov 17 20:20:22 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $    */
+/*     $NetBSD: ip_state.c,v 1.7.4.1 2017/11/17 20:20:22 snj Exp $     */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.7 2017/04/23 20:47:22 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.7.4.1 2017/11/17 20:20:22 snj Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c   1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -298,6 +298,32 @@
        KFREE(softs);
 }
 
+static void *
+ipf_state_seed_alloc(u_int state_size, u_int state_max)
+{
+       u_int i;
+       u_long *state_seed;
+       KMALLOCS(state_seed, u_long *, state_size * sizeof(*state_seed));
+       if (state_seed == NULL)
+               return NULL;
+
+       for (i = 0; i < state_size; i++) {
+               /*
+                * XXX - ipf_state_seed[X] should be a random number of sorts.
+                */
+#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
+               state_seed[i] = cprng_fast32();
+#else
+               state_seed[i] = ((u_long)state_seed + i) * state_size;
+               state_seed[i] ^= 0xa5a55a5a;
+               state_seed[i] *= (u_long)state_seed;
+               state_seed[i] ^= 0x5a5aa5a5;
+               state_seed[i] *= state_max;
+#endif
+       }
+       return state_seed;
+}
+
 
 /* ------------------------------------------------------------------------ */
 /* Function:    ipf_state_soft_init                                         */
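Review bot: The allocation size in `ipf_state_seed_alloc`, `state_size * sizeof(*state_seed)`, is computed without an overflow check, and the helper is now also reached from the resize path with `newsize`. Where size_t is 32 bits wide, a large enough `state_size` would wrap the product and the fill loop would then write past the end of the allocation; whether the callers bound the size is not visible in this hunk. A guard ahead of the KMALLOCS, `if (state_size > SIZE_MAX / sizeof(*state_seed)) return NULL;`, would close that. The helper could also return `u_long *` rather than `void *` so both callers keep type checking, and it has no `/* Function: ... */` banner like the one on the function that follows it.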
@@ -328,27 +354,11 @@
        bzero((char *)softs->ipf_state_table,
              softs->ipf_state_size * sizeof(ipstate_t *));
 
-       KMALLOCS(softs->ipf_state_seed, u_long *,
-                softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+       softs->ipf_state_seed = ipf_state_seed_alloc(softs->ipf_state_size,
+           softs->ipf_state_max);
        if (softs->ipf_state_seed == NULL)
                return -2;
 
-       for (i = 0; i < softs->ipf_state_size; i++) {
-               /*
-                * XXX - ipf_state_seed[X] should be a random number of sorts.
-                */
-#if !defined(NEED_LOCAL_RAND) && defined(_KERNEL)
-               softs->ipf_state_seed[i] = cprng_fast32();
-#else
-               softs->ipf_state_seed[i] = ((u_long)softs->ipf_state_seed + i) *
-                                   softs->ipf_state_size;
-               softs->ipf_state_seed[i] ^= 0xa5a55a5a;
-               softs->ipf_state_seed[i] *= (u_long)softs->ipf_state_seed;
-               softs->ipf_state_seed[i] ^= 0x5a5aa5a5;
-               softs->ipf_state_seed[i] *= softs->ipf_state_max;
-#endif
-       }
-
        KMALLOCS(softs->ipf_state_stats.iss_bucketlen, u_int *,
                 softs->ipf_state_size * sizeof(u_int));
        if (softs->ipf_state_stats.iss_bucketlen == NULL)
@@ -5137,6 +5147,7 @@
 {
        ipf_state_softc_t *softs = softc->ipf_state_soft;
        ipstate_t **newtab, *is;
+       u_long *newseed;
        u_int *bucketlens;
        u_int maxbucket;
        u_int newsize;
@@ -5163,6 +5174,14 @@
                return ENOMEM;
        }
 
+       newseed = ipf_state_seed_alloc(newsize, softs->ipf_state_max);
+       if (newseed == NULL) {
+               KFREES(bucketlens, newsize * sizeof(*bucketlens));
+               KFREES(newtab, newsize * sizeof(*newtab));
+               IPFERROR(100037);
+               return ENOMEM;
+       }
+
        for (maxbucket = 0, i = newsize; i > 0; i >>= 1)
                maxbucket++;
        maxbucket *= 2;
@@ -5178,6 +5197,12 @@
        }
        softs->ipf_state_table = newtab;
 
+       if (softs->ipf_state_seed != NULL) {
+               KFREES(softs->ipf_state_seed,
+                      softs->ipf_state_size * sizeof(*softs->ipf_state_seed));
+       }
+       softs->ipf_state_seed = newseed;
+
        if (softs->ipf_state_stats.iss_bucketlen != NULL) {
                KFREES(softs->ipf_state_stats.iss_bucketlen,
                       softs->ipf_state_size * sizeof(u_int));
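Review bot: The assignment `softs->ipf_state_seed = newseed;` installs freshly generated seed values rather than a grown copy of the old ones, and it comes after `softs->ipf_state_table = newtab;`, so it is worth confirming that entries already moved into `newtab` can still be found. If an existing entry's bucket was derived from the old seeds (the hashing code is outside this hunk), lookups computed with the new seeds could miss it. The KFREES of the old array also relies on `softs->ipf_state_size` still holding the old size at this point; a comment such as `/* ipf_state_size is still the old table size here */` would protect that ordering. The enclosing function starts and ends outside the hunk.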


