Date: Fri, 10 Mar 2017 20:38:18 +0000 (UTC) From: Eric van Gyzen <vangyzen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r315028 - stable/10/sys/netpfil/pf Message-ID: <201703102038.v2AKcIwR033398@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: vangyzen Date: Fri Mar 10 20:38:18 2017 New Revision: 315028 URL: https://svnweb.freebsd.org/changeset/base/315028 Log: MFC r313820 pf: use inet_ntoa_r() instead of inet_ntoa(); maybe fix IPv6 OS fingerprinting inet_ntoa() cannot be used safely in a multithreaded environment because it uses a static local buffer. Instead, use inet_ntoa_r() with a buffer on the caller's stack. This code had an INET6 conditional before this commit, but opt_inet6.h was not included, so INET6 was never defined. Apparently, pf's OS fingerprinting hasn't worked with IPv6 for quite some time. This commit might fix it, but I didn't test that. Relnotes: yes (if I/someone can test pf OS fingerprinting with IPv6) Sponsored by: Dell EMC Modified: stable/10/sys/netpfil/pf/pf_osfp.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_osfp.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_osfp.c Fri Mar 10 20:30:17 2017 (r315027) +++ stable/10/sys/netpfil/pf/pf_osfp.c Fri Mar 10 20:38:18 2017 (r315028) @@ -19,6 +19,8 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include "opt_inet6.h" + #include <sys/param.h> #include <sys/kernel.h> #include <sys/socket.h> @@ -30,8 +32,10 @@ __FBSDID("$FreeBSD$"); #include <net/if.h> #include <net/pfvar.h> +#ifdef INET6 #include <netinet/ip6.h> #include <netinet6/in6_var.h> +#endif static MALLOC_DEFINE(M_PFOSFP, "pf_osfp", "pf(4) operating system fingerprints"); #define DPFPRINTF(format, x...) \ @@ -91,7 +95,11 @@ pf_osfp_fingerprint_hdr(const struct ip struct pf_os_fingerprint fp, *fpresult; int cnt, optlen = 0; const u_int8_t *optp; - char srcname[128]; +#ifdef INET6 + char srcname[INET6_ADDRSTRLEN]; +#else + char srcname[INET_ADDRSTRLEN]; +#endif if ((tcp->th_flags & (TH_SYN|TH_ACK)) != TH_SYN) return (NULL); @@ -107,7 +115,7 @@ pf_osfp_fingerprint_hdr(const struct ip fp.fp_ttl = ip->ip_ttl; if (ip->ip_off & htons(IP_DF)) fp.fp_flags |= PF_OSFP_DF; - strlcpy(srcname, inet_ntoa(ip->ip_src), sizeof(srcname)); + inet_ntoa_r(ip->ip_src, srcname); } #ifdef INET6 else if (ip6) { @@ -116,8 +124,7 @@ pf_osfp_fingerprint_hdr(const struct ip fp.fp_ttl = ip6->ip6_hlim; fp.fp_flags |= PF_OSFP_DF; fp.fp_flags |= PF_OSFP_INET6; - strlcpy(srcname, ip6_sprintf((struct in6_addr *)&ip6->ip6_src), - sizeof(srcname)); + ip6_sprintf(srcname, (const struct in6_addr *)&ip6->ip6_src); } #endif else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703102038.v2AKcIwR033398>