Source-Changes-HG archive


[src/netbsd-7]: src/sys/external/bsd/ipf/netinet Pull up the following revisi...



details:   https://anonhg.NetBSD.org/src/rev/896fc115f95c
branches:  netbsd-7
changeset: 800235:896fc115f95c
user:      sborrill <sborrill%NetBSD.org@localhost>
date:      Thu Jun 29 12:24:10 2017 +0000

description:
Pull up the following revisions(s) (requested by christos in ticket #1412):
        sys/external/bsd/ipf/netinet/fil.c:             revision 1.20
        sys/external/bsd/ipf/netinet/ip_state.c:        revision 1.7
        sys/external/bsd/ipf/netinet/ip_frag.c:         revision 1.5

Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5.
Free the right fragment. Freeing the wrong one will cause use-after-free
issues and eventually a panic.

diffstat:

 sys/external/bsd/ipf/netinet/fil.c      |  6 +++---
 sys/external/bsd/ipf/netinet/ip_frag.c  |  6 +++---
 sys/external/bsd/ipf/netinet/ip_state.c |  7 ++++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diffs (82 lines):

diff -r a0ca4d4a881a -r 896fc115f95c sys/external/bsd/ipf/netinet/fil.c
--- a/sys/external/bsd/ipf/netinet/fil.c        Wed Jun 21 17:27:15 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/fil.c        Thu Jun 29 12:24:10 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $ */
+/*     $NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $    */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.2 2016/04/29 19:00:40 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.3 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)fil.c        1.36 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2689,7 +2689,7 @@
         * If the rule has "keep frag" and the packet is actually a fragment,
         * then create a fragment state entry.
         */
-       if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
+       if (pass & FR_KEEPFRAG) {
                if (fin->fin_flx & FI_FRAG) {
                        if (ipf_frag_new(softc, fin, pass) == -1) {
                                LBUMP(ipf_stats[out].fr_bnfr);
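Review bot: With the test relaxed to `if (pass & FR_KEEPFRAG)`, a rule carrying both keep state and keep frags now reaches ipf_frag_new() here, and the ip_state.c hunk in this same change calls ipf_frag_new() for that same combination. If both paths run for one fragment, the second call would presumably take the duplicate-entry branch shown in the ip_frag.c hunk, and on this side a -1 return bumps `fr_bnfr`, so that counter could end up counting duplicates as failures. The call order is not visible from these hunks, so this needs confirming against the full source. If it holds, either skip one of the two calls or say which is expected to succeed, e.g. `/* with keep state, the state code also tries to add this fragment */`. The enclosing function starts and ends outside the hunk.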
diff -r a0ca4d4a881a -r 896fc115f95c sys/external/bsd/ipf/netinet/ip_frag.c
--- a/sys/external/bsd/ipf/netinet/ip_frag.c    Wed Jun 21 17:27:15 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_frag.c    Thu Jun 29 12:24:10 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $      */
+/*     $NetBSD: ip_frag.c,v 1.3.14.1 2017/06/29 12:24:10 sborrill Exp $        */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -87,7 +87,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3.14.1 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)ip_frag.c    1.11 3/24/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -468,7 +468,7 @@
                          IPFR_CMPSZ)) {
                        RWLOCK_EXIT(lock);
                        FBUMPD(ifs_exists);
-                       KFREE(fra);
+                       KFREE(fran);
                        return NULL;
                }
 
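Review bot: `fra` and `fran` differ by one letter and nothing in this branch says which is which, which is likely how the wrong one came to be freed; a comment on the free would guard against a repeat. Going by the commit description and the comparison just above, `fran` appears to be the newly allocated entry that was never linked in, and `fra` the existing entry still reachable from the table. On that reading, `/* duplicate: drop the new, unlinked entry; fra stays in the table */` above `KFREE(fran);` would make the ownership explicit. Releasing the lock before the free also looks fine on that reading, since only the unlinked entry is touched. The enclosing function starts and ends outside the hunk.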
diff -r a0ca4d4a881a -r 896fc115f95c sys/external/bsd/ipf/netinet/ip_state.c
--- a/sys/external/bsd/ipf/netinet/ip_state.c   Wed Jun 21 17:27:15 2017 +0000
+++ b/sys/external/bsd/ipf/netinet/ip_state.c   Thu Jun 29 12:24:10 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $      */
+/*     $NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $        */
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@
 #if !defined(lint)
 #if defined(__NetBSD__)
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.4.1 2017/06/29 12:24:10 sborrill Exp $");
 #else
 static const char sccsid[] = "@(#)ip_state.c   1.8 6/5/96 (C) 1993-2000 Darren Reed";
 static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -3341,7 +3341,8 @@
         * If this packet is a fragment and the rule says to track fragments,
         * then create a new fragment cache entry.
         */
-       if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass))
+       if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
+          is->is_pass & FR_KEEPFRAG)
                (void) ipf_frag_new(softc, fin, is->is_pass);
 
        /*
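Review bot: The new condition mixes `&` and `&&` without the parentheses the removed line had, so the reader has to recall that `&` binds tighter than `&&`; it also spans two lines with an unbraced body. I would write it as `if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass) &&` followed by `(is->is_pass & FR_KEEPFRAG)) {`, and brace the ipf_frag_new() call. Behaviour is unchanged by this; it only makes the three tests read as three tests. The enclosing function lies outside the hunk.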


