From owner-svn-src-all@freebsd.org  Tue Dec 13 20:58:26 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 00190C7632A;
 Tue, 13 Dec 2016 20:58:25 +0000 (UTC) (envelope-from hrs@FreeBSD.org)
Received: from mail.allbsd.org (gatekeeper.allbsd.org
 [IPv6:2001:2f0:104:e001::32])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.allbsd.org", Issuer "RapidSSL SHA256 CA - G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 96AE116E7;
 Tue, 13 Dec 2016 20:58:24 +0000 (UTC) (envelope-from hrs@FreeBSD.org)
Received: from mail-d.allbsd.org (p2027-ipbf1605funabasi.chiba.ocn.ne.jp
 [123.225.191.27]) (authenticated bits=56)
 by mail.allbsd.org (8.15.2/8.15.2) with ESMTPSA id uBDKw04E092933
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL)
 (Client CN
 "/OU=GT07882699/OU=See+20www.rapidssl.com/resources/cps+20+28c+2915/OU=Domain+20Control+20Validated+20-+20RapidSSL+28R+29/CN=*.allbsd.org",
 Issuer "/C=US/O=GeoTrust+20Inc./CN=RapidSSL+20SHA256+20CA+20-+20G3"); 
 Wed, 14 Dec 2016 05:58:20 +0900 (JST) (envelope-from hrs@FreeBSD.org)
Received: from alph.allbsd.org (alph.allbsd.org [192.168.0.10])
 by mail-d.allbsd.org (8.15.2/8.15.2) with ESMTPS id uBDKuiwv021620
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Wed, 14 Dec 2016 05:56:44 +0900 (JST) (envelope-from hrs@FreeBSD.org)
Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0)
 by alph.allbsd.org (8.15.2/8.15.2) with ESMTPA id uBDKugpb021617;
 Wed, 14 Dec 2016 05:56:44 +0900 (JST) (envelope-from hrs@FreeBSD.org)
Date: Wed, 14 Dec 2016 05:56:31 +0900 (JST)
Message-Id: <20161214.055631.1082998771679292922.hrs@allbsd.org>
To: cem@freebsd.org
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: Re: svn commit: r309933 - head/usr.sbin/syslogd
From: Hiroki Sato <hrs@FreeBSD.org>
In-Reply-To: <CAG6CVpV=nshki9k8DM-4Cni1gTJ8U-Eh1t8D9KfUqo0MKnC=wA@mail.gmail.com>
References: <201612121933.uBCJXen2093959@repo.freebsd.org>
 <CAG6CVpV=nshki9k8DM-4Cni1gTJ8U-Eh1t8D9KfUqo0MKnC=wA@mail.gmail.com>
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530  FFD7 4F2C D3D8 2793 CF2D
X-Mailer: Mew version 6.7 on Emacs 25.1 / Mule 6.0 (HANACHIRUSATO)
Mime-Version: 1.0
Content-Type: Multipart/Signed; protocol="application/pgp-signature";
 micalg=pgp-sha1;
 boundary="--Security_Multipart(Wed_Dec_14_05_56_31_2016_032)--"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 0.99 at gatekeeper.allbsd.org
X-Virus-Status: Clean
X-Greylist: Sender DNS name whitelisted, not delayed by milter-greylist-4.4.3
 (mail.allbsd.org [133.31.130.32]); Wed, 14 Dec 2016 05:58:21 +0900 (JST)
X-Spam-Status: No, score=-99.4 required=13.0 tests=CONTENT_TYPE_PRESENT,
 FAKEDWORD_EXCLAMATION,QENCPTR1,USER_IN_WHITELIST autolearn=no
 autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 gatekeeper.allbsd.org
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2016 20:58:26 -0000

----Security_Multipart(Wed_Dec_14_05_56_31_2016_032)--
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Conrad Meyer <cem@freebsd.org> wrote
  in <CAG6CVpV=nshki9k8DM-4Cni1gTJ8U-Eh1t8D9KfUqo0MKnC=wA@mail.gmail.com>:

ce> On Mon, Dec 12, 2016 at 11:33 AM, Hiroki Sato <hrs@freebsd.org> wrote:
ce> > Author: hrs
ce> > Date: Mon Dec 12 19:33:40 2016
ce> > New Revision: 309933
ce> > URL: https://svnweb.freebsd.org/changeset/base/309933
ce> >
ce> > Log:
ce> >   - Refactor listening socket list.  All of the listening sockets are
ce> >     now maintained in a single linked-list in a transport-independent manner.
ce> >   - Use queue.h for linked-list structure.
ce> >   - Use linked-list for AllowedPeers.
ce> >   - Use getaddrinfo(8) even for Unix Domain sockets.
ce> >   - Use macros to type-casting from/to struct sockaddr{,_in,_in6}.
ce> >   - Define fu_* macro for union f_un to shorten the member names.
ce> >   - Remove an extra #include <sys/type.h>.
ce> >   - Add "static" to non-exported symbols.
ce> >   - !INET support is still incomplete but will be fixed later.
ce> >
ce> >   There is no functional change except for some minor debug messages.
ce>
ce> Hello Hiroki,
ce>
ce> This refactor introduced a bug in the IPv6 address comparison/rejection logic.
ce>
ce> > Modified: head/usr.sbin/syslogd/syslogd.c
ce> > ==============================================================================
ce> > --- head/usr.sbin/syslogd/syslogd.c     Mon Dec 12 19:26:55 2016        (r309932)
ce> > +++ head/usr.sbin/syslogd/syslogd.c     Mon Dec 12 19:33:40 2016        (r309933)
ce> > ...
ce> >      reject = 0;
ce> > - for (j = 0; j < 16; j += 4) {
ce> > - if ((*(u_int32_t *)&sin6->sin6_addr.s6_addr[j] & *(u_int32_t *)&m6p->sin6_addr.s6_addr[j])
ce> > -    != *(u_int32_t *)&a6p->sin6_addr.s6_addr[j]) {
ce> > - ++reject;
ce> > - break;
ce> > - }
ce> > + if (IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr,
ce> > +    &a6p->sin6_addr, &m6p->sin6_addr) != 0) {
ce> > + ++reject;
ce> > + break;
ce> >      }
ce> >      if (reject) {
ce> >       dprintf("rejected in rule %d due to IP mismatch.\n", i);
ce>
ce> The new check isn't a loop, so the 'break' breaks out of the outer
ce> loop, which is unintentional.  I think we should just remove 'break'.
ce>
ce> This was found by Coverity CID 1366941.

 Oh, it was my mistake.  Thank you for pointing out it.  Fixed in
 r310035 just now.

-- Hiroki

----Security_Multipart(Wed_Dec_14_05_56_31_2016_032)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEABECAAYFAlhQYH8ACgkQTyzT2CeTzy1alQCgh0NueEwmT5f9vfG3EN5lWbfz
64kAnjvCUCIu0mEtMg5kKzW+fIRr8Bq1
=WD3C
-----END PGP SIGNATURE-----

----Security_Multipart(Wed_Dec_14_05_56_31_2016_032)----