Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 3 Jul 2000 23:15:11 -0400 (EDT)
From:      David Gilbert <dgilbert@velocet.ca>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/19688: Adding some KASSERTS v1
Message-ID:  <200007040315.XAA36155@office.tor.velocet.net>
next in thread | raw e-mail | index | archive | help 

>Number:         19688
>Category:       kern
>Synopsis:       Some boundry checking KASSERTS in networking code
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 03 20:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     David Gilbert
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
Velocet Communications
>Environment:

I'm running this against 4.0-STABLE, but this can probably apply
better debugging to several branches.

>Description:

I'm trying to track down other bugs, so I'm going through networking
file-by-file looking for possibly array overflows (which I belive
my problem to be).  Anyways, I felt that it might be useful if I
contributed some of my KASSERT()'s back to the tree.  Someone can
slap my fingers if this is misguided.

>How-To-Repeat:

	heh.

>Fix:


--- /sys/net/hostcache.c	Fri Aug 27 20:48:15 1999
+++ hostcache.c	Mon Jul  3 23:08:34 2000
@@ -55,6 +55,8 @@
 	struct hchead *heads;
 	u_long nelem;
 
+        KASSERT(af >= 0 && af < AF_MAX, ("hc_init: af=%d out of range", af));
+        
 	hct = &hctable[af];
 	nelem = init_nelem;
 	if (hct->hct_nentries)
@@ -86,6 +88,9 @@
 	struct hctable *hct;
 	int s;
 
+        KASSERT(sa->sa_family >=0 && sa->sa_family < AF_MAX,
+                ("hc_get: sa_family=%d out o frange", sa->sa_family));
+
 	hct = &hctable[sa->sa_family];
 	if (hct->hct_nentries == 0)
 		return 0;
@@ -150,6 +155,10 @@
 	u_long hash;
 	int s;
 
+        KASSERT(hc->hc_host->sa_family >=0 && hc->hc_host->sa_family < AF_MAX,
+                ("hc_insert: sa_family=%d out of range",
+                 hc->hc_host->sa_family));
+        
 	hct = &hctable[hc->hc_host->sa_family];
 	hash = hct->hct_cb->hccb_hash(hc->hc_host, hct->hct_nentries);
 	


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007040315.XAA36155>