[src/trunk]: src/sys/external/bsd/ipf/netinet Avoid panic in SIOCGNATL derefe...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/external/bsd/ipf/netinet Avoid panic in SIOCGNATL derefe...
From: prlw1 <prlw1%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 05:05:42 +0000

details:   https://anonhg.NetBSD.org/src/rev/8f71d4fdfb18
branches:  trunk
changeset: 809881:8f71d4fdfb18
user:      prlw1 <prlw1%NetBSD.org@localhost>
date:      Fri Aug 07 17:31:12 2015 +0000

description:
Avoid panic in SIOCGNATL dereferencing a NULL softc.
Solution suggestion from Martin Husemann.

diffstat:

 sys/external/bsd/ipf/netinet/ip_nat.c  |  11 ++++++-----
 sys/external/bsd/ipf/netinet/ip_nat.h  |   6 +++---
 sys/external/bsd/ipf/netinet/ip_nat6.c |   5 +++--
 3 files changed, 12 insertions(+), 10 deletions(-)

diffs (98 lines):

diff -r 29a2dddc6cf6 -r 8f71d4fdfb18 sys/external/bsd/ipf/netinet/ip_nat.c
--- a/sys/external/bsd/ipf/netinet/ip_nat.c     Fri Aug 07 15:53:24 2015 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_nat.c     Fri Aug 07 17:31:12 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $      */
+/*     $NetBSD: ip_nat.c,v 1.14 2015/08/07 17:31:12 prlw1 Exp $        */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -113,7 +113,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.13 2014/07/12 14:54:32 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.14 2015/08/07 17:31:12 prlw1 Exp $");
 #else
 static const char sccsid[] = "@(#)ip_nat.c     1.11 6/5/96 (C) 1995 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp";
@@ -1227,11 +1227,11 @@
                        switch (nl.nl_v)
                        {
                        case 4 :
-                               ptr = ipf_nat_lookupredir(&nl);
+                               ptr = ipf_nat_lookupredir(softc, &nl);
                                break;
 #ifdef USE_INET6
                        case 6 :
-                               ptr = ipf_nat6_lookupredir(&nl);
+                               ptr = ipf_nat6_lookupredir(softc, &nl);
                                break;
 #endif
                        default:
@@ -4574,12 +4574,13 @@
 /*     nl_out* = destination information (translated)                       */
 /* ------------------------------------------------------------------------ */
 nat_t *
-ipf_nat_lookupredir(natlookup_t *np)
+ipf_nat_lookupredir(ipf_main_softc_t *softc, natlookup_t *np)
 {
        fr_info_t fi;
        nat_t *nat;
 
        bzero((char *)&fi, sizeof(fi));
+       fi.fin_main_soft = softc;
        if (np->nl_flags & IPN_IN) {
                fi.fin_data[0] = ntohs(np->nl_realport);
                fi.fin_data[1] = ntohs(np->nl_outport);
diff -r 29a2dddc6cf6 -r 8f71d4fdfb18 sys/external/bsd/ipf/netinet/ip_nat.h
--- a/sys/external/bsd/ipf/netinet/ip_nat.h     Fri Aug 07 15:53:24 2015 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_nat.h     Fri Aug 07 17:31:12 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_nat.h,v 1.6 2013/01/09 13:23:20 christos Exp $      */
+/*     $NetBSD: ip_nat.h,v 1.7 2015/08/07 17:31:12 prlw1 Exp $ */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -721,7 +721,7 @@
                                   int, int, void *);
 extern void    ipf_nat_log(ipf_main_softc_t *, ipf_nat_softc_t *,
                                 struct nat *, u_int);
-extern nat_t   *ipf_nat_lookupredir(natlookup_t *);
+extern nat_t   *ipf_nat_lookupredir(ipf_main_softc_t *, natlookup_t *);
 extern nat_t   *ipf_nat_maplookup(void *, u_int, struct in_addr,
                                struct in_addr);
 extern nat_t   *ipf_nat_add(fr_info_t *, ipnat_t *, nat_t **,
@@ -780,7 +780,7 @@
 extern u_32_t  ipf_nat6_ip6subtract(i6addr_t *, i6addr_t *);
 extern frentry_t *ipf_nat6_ipfin(fr_info_t *, u_32_t *);
 extern frentry_t *ipf_nat6_ipfout(fr_info_t *, u_32_t *);
-extern nat_t   *ipf_nat6_lookupredir(natlookup_t *);
+extern nat_t   *ipf_nat6_lookupredir(ipf_main_softc_t *, natlookup_t *);
 extern int     ipf_nat6_newmap(fr_info_t *, nat_t *, natinfo_t *);
 extern int     ipf_nat6_newrdr(fr_info_t *, nat_t *, natinfo_t *);
 extern nat_t   *ipf_nat6_outlookup(fr_info_t *, u_int, u_int,
diff -r 29a2dddc6cf6 -r 8f71d4fdfb18 sys/external/bsd/ipf/netinet/ip_nat6.c
--- a/sys/external/bsd/ipf/netinet/ip_nat6.c    Fri Aug 07 15:53:24 2015 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_nat6.c    Fri Aug 07 17:31:12 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_nat6.c,v 1.7 2014/04/01 15:19:29 christos Exp $     */
+/*     $NetBSD: ip_nat6.c,v 1.8 2015/08/07 17:31:12 prlw1 Exp $        */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -2414,12 +2414,13 @@
 /*     nl_out* = destination information (translated)                       */
 /* ------------------------------------------------------------------------ */
 nat_t *
-ipf_nat6_lookupredir(natlookup_t *np)
+ipf_nat6_lookupredir(ipf_main_softc_t *softc, natlookup_t *np)
 {
        fr_info_t fi;
        nat_t *nat;
 
        bzero((char *)&fi, sizeof(fi));
+       fi.fin_main_soft = softc;
        if (np->nl_flags & IPN_IN) {
                fi.fin_data[0] = ntohs(np->nl_realport);
                fi.fin_data[1] = ntohs(np->nl_outport);

Prev by Date: [src/trunk]: src Remove KMEMSTATS.
Next by Date: [src/trunk]: src/sys/arch/mips/ingenic - sprinkle volatile
Previous by Thread: [src/trunk]: src Remove KMEMSTATS.
Next by Thread: [src/trunk]: src/sys/arch/mips/ingenic - sprinkle volatile
Indexes:

Home | Main Index | Thread Index | Old Index