Date: Sat, 9 Jan 2016 00:38:32 +0100 From: Oliver Pinter <oliver.pinter@hardenedbsd.org> To: "Alexander V. Chernikov" <melifaro@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r293159 - in head/sys: net netinet netinet6 Message-ID: <CAPQ4fftyZ-rWjQKUVH05nX-dApBFa9iT3fuFmuW=xuEnh0i%2B2Q@mail.gmail.com> In-Reply-To: <201601041503.u04F3Lps031314@repo.freebsd.org> References: <201601041503.u04F3Lps031314@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/4/16, Alexander V. Chernikov <melifaro@freebsd.org> wrote: > Author: melifaro > Date: Mon Jan 4 15:03:20 2016 > New Revision: 293159 > URL: https://svnweb.freebsd.org/changeset/base/293159 > > Log: > Add rib_lookup_info() to provide API for retrieving individual route > entries data in unified format. > > There are control plane functions that require information other than > just next-hop data (e.g. individual rtentry fields like flags or > prefix/mask). Given that the goal is to avoid rte > reference/refcounting, > re-use rt_addrinfo structure to store most rte fields. If caller wants > to retrieve key/mask or gateway (which are sockaddrs and are allocated > separately), it needs to provide sufficient-sized sockaddrs structures > w/ ther pointers saved in passed rt_addrinfo. > > Convert: > * lltable new records checks (in_lltable_rtcheck(), > nd6_is_new_addr_neighbor(). > * rtsock pre-add/change route check. > * IPv6 NS ND-proxy check (RADIX_MPATH code was eliminated because > 1) we don't support RTF_ANNOUNCE ND-proxy for networks and there > should > not be multiple host routes for such hosts 2) if we have multiple > routes we should inspect them (which is not done). 3) the entire > idea > of abusing KRT as storage for ND proxy seems odd. Userland > programs > should be used for that purpose). > > Modified: > head/sys/net/route.c > head/sys/net/route.h > head/sys/net/rtsock.c > head/sys/netinet/in.c > head/sys/netinet6/nd6.c > head/sys/netinet6/nd6_nbr.c > > Modified: head/sys/net/route.c > ============================================================================== > --- head/sys/net/route.c Mon Jan 4 09:58:16 2016 (r293158) > +++ head/sys/net/route.c Mon Jan 4 15:03:20 2016 (r293159) > @@ -147,6 +147,8 @@ static void rt_notifydelete(struct rtent > static struct radix_node *rt_mpath_unlink(struct radix_node_head *rnh, > struct rt_addrinfo *info, struct rtentry *rto, int *perror); > #endif > +static int rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info, > + int flags); > > struct if_mtuinfo > { > @@ -832,6 +834,147 @@ rtrequest_fib(int req, > > > /* > + * Copy most of @rt data into @info. > + * > + * If @flags contains NHR_COPY, copies dst,netmask and gw to the > + * pointers specified by @info structure. Assume such pointers > + * are zeroed sockaddr-like structures with sa_len field initialized > + * to reflect size of the provided buffer. if no NHR_COPY is specified, > + * point dst,netmask and gw @info fields to appropriate @rt values. > + * > + * if @flags contains NHR_REF, do refcouting on rt_ifp. > + * > + * Returns 0 on success. > + */ > +int > +rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info, int flags) > +{ > + struct rt_metrics *rmx; > + struct sockaddr *src, *dst; > + int sa_len; > + > + if (flags & NHR_COPY) { > + /* Copy destination if dst is non-zero */ > + src = rt_key(rt); > + dst = info->rti_info[RTAX_DST]; > + sa_len = src->sa_len; ** CID 1347797: Null pointer dereferences (REVERSE_INULL) /sys/net/route.c: 861 in rt_exportinfo() ________________________________________________________________________________________________________ *** CID 1347797: Null pointer dereferences (REVERSE_INULL) /sys/net/route.c: 861 in rt_exportinfo() 855 856 if (flags & NHR_COPY) { 857 /* Copy destination if dst is non-zero */ 858 src = rt_key(rt); 859 dst = info->rti_info[RTAX_DST]; 860 sa_len = src->sa_len; >>> CID 1347797: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "src" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 861 if (src != NULL && dst != NULL) { 862 if (src->sa_len > dst->sa_len) 863 return (ENOMEM); 864 memcpy(dst, src, src->sa_len); 865 info->rti_addrs |= RTA_DST; 866 } > + if (src != NULL && dst != NULL) { > + if (src->sa_len > dst->sa_len) > + return (ENOMEM); > + memcpy(dst, src, src->sa_len); > + info->rti_addrs |= RTA_DST; > + } > + > + /* Copy mask if set && dst is non-zero */ [...] > _______________________________________________ > svn-src-head@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-head > To unsubscribe, send any mail to "svn-src-head-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPQ4fftyZ-rWjQKUVH05nX-dApBFa9iT3fuFmuW=xuEnh0i%2B2Q>