From: "Andrey V. Elsukov"
Date: Fri, 21 Apr 2017 17:09:37 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r317262 - stable/11/sys/netpfil/ipfw

Author: ae
Date: Fri Apr 21 17:09:37 2017
New Revision: 317262
URL: https://svnweb.freebsd.org/changeset/base/317262

Log:
  MFC r316824:
  The rule field in the ipfw_dyn_rule structure is used as storage
  to pass rule number and rule set to userland. In r272840 the kernel internal
  rule representation was changed and the rulenum field of struct ip_fw_rule
  got the type uint32_t, but userlevel representation still have the type
  uint16_t. To not overflow the size of pointer on the systems with 32-bit
  pointer size use separate variable to copy rulenum and set.

  Reported by: PVS-Studio

Modified:
  stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Apr 21 17:03:48 2017 (r317261)
+++ stable/11/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Apr 21 17:09:37 2017 (r317262)
@@ -1710,15 +1710,17 @@ ipfw_dyn_get_count(void) static void export_dyn_rule(ipfw_dyn_rule *src, ipfw_dyn_rule *dst) { + uint16_t rulenum; + rulenum = (uint16_t)src->rule->rulenum; memcpy(dst, src, sizeof(*src)); - memcpy(&(dst->rule), &(src->rule->rulenum), sizeof(src->rule->rulenum)); + memcpy(&dst->rule, &rulenum, sizeof(rulenum)); /* * store set number into high word of * dst->rule pointer. */ - memcpy((char *)&dst->rule + sizeof(src->rule->rulenum), - &(src->rule->set), sizeof(src->rule->set)); + memcpy((char *)&dst->rule + sizeof(rulenum), &src->rule->set, + sizeof(src->rule->set)); /* * store a non-null value in "next". * The userland code will interpret a @@ -1726,8 +1728,8 @@ export_dyn_rule(ipfw_dyn_rule *src, ipfw * for the last dynamic rule. */ memcpy(&dst->next, &dst, sizeof(dst)); - dst->expire = - TIME_LEQ(dst->expire, time_uptime) ? 0 : dst->expire - time_uptime; + dst->expire = TIME_LEQ(dst->expire, time_uptime) ? 0: + dst->expire - time_uptime; } /*
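Review bot: in the first hunk of export_dyn_rule(), the cast in `rulenum = (uint16_t)src->rule->rulenum;` silently truncates a field the log says is uint32_t in the kernel, so a rule number above 65535 would reach userland as a different rule number with no indication. If rule numbers are guaranteed to fit in 16 bits, state that in a comment next to the cast or assert it there. The packing also depends on sizeof(rulenum) + sizeof(src->rule->set) not exceeding sizeof(dst->rule) on systems with 32-bit pointers; a compile-time assertion on that sum would keep the overflow from returning if either type changes again.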
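Review bot: in the second hunk, the rewrapped `dst->expire` assignment is a whitespace-only change unrelated to the rulenum fix, and `? 0:` loses the space before the colon that the removed line had. Write it as `? 0 :` and consider keeping the rewrap out of this change so the diff contains only the overflow fix.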