From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 25 11:06:47 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69A5616A4CE for ; Wed, 25 Aug 2004 11:06:47 +0000 (GMT) Received: from shellma.zin.lublin.pl (shellma.zin.lublin.pl [212.182.126.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2D66443D31 for ; Wed, 25 Aug 2004 11:06:47 +0000 (GMT) (envelope-from pawmal-posting@freebsd.lublin.pl) Received: by shellma.zin.lublin.pl (Postfix, from userid 1018) id 151903474C2; Wed, 25 Aug 2004 13:04:55 +0200 (CEST) Date: Wed, 25 Aug 2004 13:04:55 +0200 From: Pawel Malachowski To: ipfw@freebsd.org Message-ID: <20040825110455.GB57463@shellma.zin.lublin.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.4.2i Subject: (not) Protecting of case IP_FW_GET. X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Aug 2004 11:06:47 -0000 Hello, Let's look at netinet/ip_fw2.c, at ipfw_ctl(), case IP_FW_GET. We are computing size of rules. Size can float because rules can be dynamic. In RELENG_4, it is protected with splimp(). In HEAD, it is not protected at all. Is this correct? (Similar case in ip_dummynet, when computing size of pipes, is protected with mutexes). Another thing, in HEAD, there are three mallocs with M_WAITOK flag, only one of them checks if malloc succeed (lookup tables code) and returns ENOMEM, if not. Another two are assuming malloc will always succeed. In RELENG_4, result is checked and ENOBUFS (why not ENOMEM?) is returned if malloc failed. -- Paweł Małachowski