Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Jul 2011 12:54:10 +0000 (UTC)
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r223868 - stable/8/sys/netinet/ipfw
Message-ID:  <201107081254.p68CsAeI019131@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: glebius
Date: Fri Jul  8 12:54:10 2011
New Revision: 223868
URL: http://svn.freebsd.org/changeset/base/223868

Log:
  Merge from head/ 220796:
    Pullup up to TCP header length before matching against 'tcpopts'.
  
    PR:           kern/156180
    Reviewed by:  luigi

Modified:
  stable/8/sys/netinet/ipfw/ip_fw2.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/netinet/ipfw/ip_fw2.c
==============================================================================
--- stable/8/sys/netinet/ipfw/ip_fw2.c	Fri Jul  8 12:50:35 2011	(r223867)
+++ stable/8/sys/netinet/ipfw/ip_fw2.c	Fri Jul  8 12:54:10 2011	(r223868)
@@ -913,9 +913,10 @@ ipfw_chk(struct ip_fw_args *args)
  * pointer might become stale after other pullups (but we never use it
  * this way).
  */
-#define PULLUP_TO(_len, p, T)					\
+#define PULLUP_TO(_len, p, T)	PULLUP_LEN(_len, p, sizeof(T))
+#define PULLUP_LEN(_len, p, T)					\
 do {								\
-	int x = (_len) + sizeof(T);				\
+	int x = (_len) + T;					\
 	if ((m)->m_len < x) {					\
 		args->m = m = m_pullup(m, x);			\
 		if (m == NULL)					\
@@ -1600,6 +1601,7 @@ do {								\
 				break;
 
 			case O_TCPOPTS:
+				PULLUP_LEN(hlen, ulp, (TCP(ulp)->th_off << 2));
 				match = (proto == IPPROTO_TCP && offset == 0 &&
 				    tcpopts_match(TCP(ulp), cmd));
 				break;
@@ -2208,6 +2210,7 @@ do {								\
 			}
 
 		}	/* end of inner loop, scan opcodes */
+#undef PULLUP_LEN
 
 		if (done)
 			break;



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107081254.p68CsAeI019131>