Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6-1]: src/sys/altq Pull up following revision(s) (requested by mr...
details: https://anonhg.NetBSD.org/src/rev/54d7e787095d
branches: netbsd-6-1
changeset: 776252:54d7e787095d
user: snj <snj%NetBSD.org@localhost>
date: Sat Aug 19 05:37:04 2017 +0000
description:
Pull up following revision(s) (requested by mrg in ticket #1488):
sys/altq/altq_cbq.c: revision 1.31
sys/altq/altq_hfsc.c: revision 1.27
sys/altq/altq_jobs.c: revision 1.11
sys/altq/altq_priq.c: revision 1.24
sys/altq/altq_wfq.c: revision 1.22
Zero buffers copied to userland to avoid stack disclosure.
>From Ilja Van Sprundel.
--
Reject negative indices.
(Would be nice to change the types too, and it's *probably* safe to
replace int by u_int, but I'm reluctant to touch the ioctl
definitions without at least a modicum more thought. Also one of
them is a u_long, because why not?)
>From Ilja Van Sprundel.
diffstat:
sys/altq/altq_cbq.c | 6 ++++--
sys/altq/altq_hfsc.c | 5 +++--
sys/altq/altq_jobs.c | 7 +++----
sys/altq/altq_priq.c | 5 +++--
sys/altq/altq_wfq.c | 13 +++++++------
5 files changed, 20 insertions(+), 16 deletions(-)
diffs (162 lines):
diff -r 3e43fac8a235 -r 54d7e787095d sys/altq/altq_cbq.c
--- a/sys/altq/altq_cbq.c Sat Aug 19 05:06:42 2017 +0000
+++ b/sys/altq/altq_cbq.c Sat Aug 19 05:37:04 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $ */
+/* $NetBSD: altq_cbq.c,v 1.26.32.1 2017/08/19 05:37:04 snj Exp $ */
/* $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26.32.1 2017/08/19 05:37:04 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -472,6 +472,7 @@
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
@@ -876,6 +877,7 @@
if (++i >= CBQ_MAX_CLASSES)
goto out;
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
stats.handle = cl->stats_.handle;
diff -r 3e43fac8a235 -r 54d7e787095d sys/altq/altq_hfsc.c
--- a/sys/altq/altq_hfsc.c Sat Aug 19 05:06:42 2017 +0000
+++ b/sys/altq/altq_hfsc.c Sat Aug 19 05:37:04 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $ */
+/* $NetBSD: altq_hfsc.c,v 1.24.52.1 2017/08/19 05:37:04 snj Exp $ */
/* $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */
/*
@@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24.52.1 2017/08/19 05:37:04 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -313,6 +313,7 @@
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
diff -r 3e43fac8a235 -r 54d7e787095d sys/altq/altq_jobs.c
--- a/sys/altq/altq_jobs.c Sat Aug 19 05:06:42 2017 +0000
+++ b/sys/altq/altq_jobs.c Sat Aug 19 05:37:04 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_jobs.c,v 1.6.28.1 2014/11/03 15:10:39 msaitoh Exp $ */
+/* $NetBSD: altq_jobs.c,v 1.6.28.2 2017/08/19 05:37:04 snj Exp $ */
/* $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */
/*
* Copyright (c) 2001, the Rector and Board of Visitors of the
@@ -59,7 +59,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.28.1 2014/11/03 15:10:39 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.28.2 2017/08/19 05:37:04 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -2111,10 +2111,9 @@
usp = ap->stats;
for (pri = 0; pri <= jif->jif_maxpri; pri++) {
cl = jif->jif_classes[pri];
+ (void)memset(&stats, 0, sizeof(stats));
if (cl != NULL)
get_class_stats(&stats, cl);
- else
- (void)memset(&stats, 0, sizeof(stats));
if ((error = copyout((void *)&stats, (void *)usp++,
sizeof(stats))) != 0)
return (error);
diff -r 3e43fac8a235 -r 54d7e787095d sys/altq/altq_priq.c
--- a/sys/altq/altq_priq.c Sat Aug 19 05:06:42 2017 +0000
+++ b/sys/altq/altq_priq.c Sat Aug 19 05:37:04 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $ */
+/* $NetBSD: altq_priq.c,v 1.21.32.1 2017/08/19 05:37:04 snj Exp $ */
/* $KAME: altq_priq.c,v 1.13 2005/04/13 03:44:25 suz Exp $ */
/*
* Copyright (C) 2000-2003
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.21.32.1 2017/08/19 05:37:04 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -219,6 +219,7 @@
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
diff -r 3e43fac8a235 -r 54d7e787095d sys/altq/altq_wfq.c
--- a/sys/altq/altq_wfq.c Sat Aug 19 05:06:42 2017 +0000
+++ b/sys/altq/altq_wfq.c Sat Aug 19 05:37:04 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_wfq.c,v 1.19 2008/09/11 17:58:59 joerg Exp $ */
+/* $NetBSD: altq_wfq.c,v 1.19.50.1 2017/08/19 05:37:04 snj Exp $ */
/* $KAME: altq_wfq.c,v 1.14 2005/04/13 03:44:25 suz Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_wfq.c,v 1.19 2008/09/11 17:58:59 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_wfq.c,v 1.19.50.1 2017/08/19 05:37:04 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -518,14 +518,15 @@
wfq *queue;
int old;
- if (swp->weight < 0) {
- printf("set weight in natural number\n");
+ if (swp->weight < 0)
return (EINVAL);
- }
if ((wfqp = altq_lookup(swp->iface.wfq_ifacename, ALTQT_WFQ)) == NULL)
return (EBADF);
+ if (swp->qid < 0 || swp->qid >= wfqp->nums)
+ return (EINVAL);
+
queue = &wfqp->queue[swp->qid];
old = queue->weight;
queue->weight = swp->weight;
@@ -544,7 +545,7 @@
if ((wfqp = altq_lookup(gsp->iface.wfq_ifacename, ALTQT_WFQ)) == NULL)
return (EBADF);
- if (gsp->qid >= wfqp->nums)
+ if (gsp->qid < 0 || gsp->qid >= wfqp->nums)
return (EINVAL);
queue = &wfqp->queue[gsp->qid];
Home |
Main Index |
Thread Index |
Old Index