Date:      Fri, 21 Apr 2017 17:09:37 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r317262 - stable/11/sys/netpfil/ipfw
Message-ID:  <201704211709.v3LH9bTI098942@repo.freebsd.org>

Author: ae
Date: Fri Apr 21 17:09:37 2017
New Revision: 317262
URL: https://svnweb.freebsd.org/changeset/base/317262

Log:
  MFC r316824:
    The rule field in the ipfw_dyn_rule structure is used as storage
    to pass rule number and rule set to userland. In r272840 the kernel
    internal rule representation was changed and the rulenum field of
    struct ip_fw_rule got the type uint32_t, but the userlevel representation
    still has the type uint16_t. To avoid overflowing the size of a pointer
    on systems with a 32-bit pointer size, use a separate variable to
    copy rulenum and set.
  
    Reported by:	PVS-Studio

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Fri Apr 21 17:03:48 2017	(r317261)
+++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c	Fri Apr 21 17:09:37 2017	(r317262)
@@ -1710,15 +1710,17 @@ ipfw_dyn_get_count(void)
 static void
 export_dyn_rule(ipfw_dyn_rule *src, ipfw_dyn_rule *dst)
 {
+	uint16_t rulenum;
 
+	rulenum = (uint16_t)src->rule->rulenum;
 	memcpy(dst, src, sizeof(*src));
-	memcpy(&(dst->rule), &(src->rule->rulenum), sizeof(src->rule->rulenum));
+	memcpy(&dst->rule, &rulenum, sizeof(rulenum));
 	/*
 	 * store set number into high word of
 	 * dst->rule pointer.
 	 */
-	memcpy((char *)&dst->rule + sizeof(src->rule->rulenum),
-	    &(src->rule->set), sizeof(src->rule->set));
+	memcpy((char *)&dst->rule + sizeof(rulenum), &src->rule->set,
+	    sizeof(src->rule->set));
 	/*
 	 * store a non-null value in "next".
 	 * The userland code will interpret a
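Review bot: After `memcpy(dst, src, sizeof(*src))`, `dst->rule` still holds the kernel pointer value, and the two copies that follow overwrite only `sizeof(rulenum) + sizeof(src->rule->set)` bytes of it, so the remaining bytes of that pointer appear to be handed to userland along with the exported record. Clearing the field first, with `memset(&dst->rule, 0, sizeof(dst->rule));` placed before the rulenum copy, would keep the offsets userland reads and drop the residual address bytes. The `(uint16_t)` cast also narrows the 32-bit kernel rulenum without explanation; if rule numbers are guaranteed to fit in 16 bits, a one-line comment saying so would show the truncation is deliberate. The body of export_dyn_rule continues past the end of this hunk.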
@@ -1726,8 +1728,8 @@ export_dyn_rule(ipfw_dyn_rule *src, ipfw
 	 * for the last dynamic rule.
 	 */
 	memcpy(&dst->next, &dst, sizeof(dst));
-	dst->expire =
-	    TIME_LEQ(dst->expire, time_uptime) ?  0 : dst->expire - time_uptime;
+	dst->expire = TIME_LEQ(dst->expire, time_uptime) ?  0:
+	    dst->expire - time_uptime;
 }
 
 /*


