Date: Fri, 14 Aug 2009 10:09:46 +0000 (UTC) From: Julian Elischer <julian@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r196201 - head/sys/netinet/ipfw Message-ID: <200908141009.n7EA9k1m028514@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: julian Date: Fri Aug 14 10:09:45 2009 New Revision: 196201 URL: http://svn.freebsd.org/changeset/base/196201 Log: Fix ipfw crash on uid or gid check. Receiving any ip packet for which there is no existing socket will crash if ipfw has a uid or gid test rule, as the uid/gid of the non existent owner of said non existent socket is tested. Brooks introduced this error as part of his >16 gids patch. It appears to be a cut-n-paste error from similar code a few lines before. The old code used the 'pcb' variable here, but in the new code that switched the 'inp' variable, which is often NULL and what is tested in the code further up. The rest of the multi-gid patch for ipfw seems solid (and cleaner than previous code). Reviewed by: brooks Approved by: re (rwatson) Modified: head/sys/netinet/ipfw/ip_fw2.c Modified: head/sys/netinet/ipfw/ip_fw2.c ============================================================================== --- head/sys/netinet/ipfw/ip_fw2.c Thu Aug 13 23:18:45 2009 (r196200) +++ head/sys/netinet/ipfw/ip_fw2.c Fri Aug 14 10:09:45 2009 (r196201) @@ -2057,7 +2057,7 @@ check_uidgid(ipfw_insn_u32 *insn, int pr dst_ip, htons(dst_port), wildcard, NULL); if (pcb != NULL) { - *uc = crhold(inp->inp_cred); + *uc = crhold(pcb->inp_cred); *ugid_lookupp = 1; } INP_INFO_RUNLOCK(pi);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908141009.n7EA9k1m028514>