tech-net archive


Re: Patches for IPFilter



On NetBSD/sparc64, ipfstat will core dump trying to print out rules.
These two patches fix that problem.

#548 ipfstat hits a bus error on netbsd/sparc64
#550 filter rule list corrupted with inserted rules

Cheers,
Darren
p.s. I'd commit these myself but someone took my commit bit away...

diff -r -u ipf.orig/dist/tools/ipfstat.c ipf/dist/tools/ipfstat.c
--- ipf.orig/dist/tools/ipfstat.c       2012-07-23 00:27:51.000000000 +1000
+++ ipf/dist/tools/ipfstat.c    2014-06-15 19:13:02.000000000 +1000
@@ -857,8 +856,13 @@
                        if (fp->fr_family != 0 && fp->fr_family != AF_INET)
                                continue;
                }
-               if (fp->fr_data != NULL)
-                       fp->fr_data = (char *)fp + fp->fr_size;
+               if (fp->fr_data != NULL) {
+                       fp->fr_data = calloc(1, fp->fr_dsize);
+                       if (fp->fr_data != NULL) {
+                               bcopy((char *)fp + fp->fr_size, fp->fr_data,
+                                     fp->fr_dsize);
+                       }
+               }
 
                rules++;
 
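Review bot: The `bcopy` from `(char *)fp + fp->fr_size` copies `fp->fr_dsize` bytes using two lengths taken straight from the rule record, and nothing in the hunk checks that `fr_size + fr_dsize` stays inside the buffer `fp` points into, so an inconsistent record would make ipfstat read past it. A bound check against that buffer's length before the copy would close this, but the buffer and its size are declared outside the hunk, as is the rest of the enclosing loop. When `calloc` fails, `fr_data` silently becomes NULL and the rule is presumably printed without its data; a `perror("calloc")` in that branch would make the failure visible. The new allocation is not released anywhere in the visible lines, so each pass of the loop appears to leak `fr_dsize` bytes unless a `free(fp->fr_data)` follows the printing code.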
diff -r -u ipf.orig/netinet/fil.c ipf/netinet/fil.c
--- ipf.orig/netinet/fil.c      2014-03-21 09:21:32.000000000 +1100
+++ ipf/netinet/fil.c   2014-06-15 21:45:22.000000000 +1000
@@ -3787,6 +3787,8 @@
        }
        return s;
 }
+
+
 /* ------------------------------------------------------------------------ */
 /* Function:    ipf_fixskip                                                 */
 /* Returns:     Nil                                                         */
@@ -4357,7 +4359,15 @@
 
                fp = f;
                f = NULL;
+               fp->fr_next = NULL;
                fp->fr_dnext = NULL;
+               fp->fr_pnext = NULL;
+               fp->fr_pdnext = NULL;
+               fp->fr_grp = NULL;
+               fp->fr_grphead = NULL;
+               fp->fr_icmpgrp = NULL;
+               fp->fr_isc = (void *)-1;
+               fp->fr_ptr = NULL;
                fp->fr_ref = 0;
                fp->fr_flags |= FR_COPIED;
        } else {
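Review bot: The reset block after `fp = f;` has no comment saying why these members are cleared, and `fp->fr_isc = (void *)-1;` is an unexplained sentinel. If, as `FR_COPIED` suggests, the rule was copied in from the caller, these are pointer values the kernel must not trust, which is worth stating, e.g. `/* pointers in a copied-in rule are not valid here; reset them before the rule is linked */`. A second comment on the `fr_isc` line should name what `-1` means to the code that tests it. Only the members listed here are reset; whether other pointer members of the rule need the same treatment cannot be judged from the hunk, which sits in the middle of a function.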
@@ -4860,7 +4870,9 @@
                                if (f->fr_collect > fp->fr_collect)
                                        break;
                                ftail = &f->fr_next;
+                               fprev = ftail;
                        }
+                       ftail = fprev;
                        f = NULL;
                        ptr = NULL;
                } else if (req == (ioctlcmd_t)SIOCINAFR ||
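Review bot: `ftail = fprev;` after the loop only changes anything when the loop never advanced, because inside the loop `fprev = ftail;` makes the two equal on every completed pass. In that case `ftail` takes whatever `fprev` held before the loop, and neither its declaration nor its initial value is in the hunk. The later link step dereferences `*ftail` (`fp->fr_next = *ftail;` in the next hunk, presumably the same function), so `fprev` has to be a valid list-slot pointer on every path into this branch; a NULL or unset value would become a kernel-mode dereference. A comment above the loop stating what `fprev` points at on entry, and a check that it is initialised on every path, would make that reviewable.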
@@ -4951,6 +4963,8 @@
                        fp->fr_ref = 1;
                fp->fr_pnext = ftail;
                fp->fr_next = *ftail;
+               if (fp->fr_next != NULL)
+                       fp->fr_next->fr_pnext = &fp->fr_next;
                *ftail = fp;
                if (addrem == 0)
                        ipf_fixskip(ftail, fp, 1);
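Review bot: The invariant the two added lines rely on is not written down: each rule's `fr_pnext` must hold the address of the `fr_next` slot that points at it. A one-line comment above the `if`, e.g. `/* successor's fr_pnext must now point at our fr_next */`, would make that clear to the next reader. The unlink path is outside this hunk and has to maintain the same invariant; a stale `fr_pnext` left there would corrupt the list much as item #550 in this message describes.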
Only in ipf/netinet: fil.c.extra
Only in ipf/netinet: fil.c.orig

