Page MenuHomeFreeBSD
Differential D13755

Resolve ipfilter seed array size panic
ClosedPublic
Actions

Authored by cy on Jan 3 2018, 9:08 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 16, 3:18 PM
Unknown Object (File)
Nov 26 2024, 10:33 AM
Unknown Object (File)
Nov 26 2024, 10:33 AM
Unknown Object (File)
Nov 26 2024, 10:33 AM
Unknown Object (File)
Nov 26 2024, 10:32 AM
Unknown Object (File)
Nov 26 2024, 10:08 AM
Unknown Object (File)
Nov 21 2024, 10:12 AM
Unknown Object (File)
Nov 6 2024, 3:17 PM
View All 34 Files
Subscribers
imp

Details

Reviewers
delphij
gordon
glebius
ae
markj
adrian
rgrimes
Group Reviewers
secteam
Commits
rS328274: MFC r327718:
rS327718: When growing the state, also grow the seed array. Otherwise memory
Summary

When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.

Submitted by christos@netbsd.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/external/bsd/ipf/netinet/ip_state.c.diff?only_with_tag=MAIN&r1=text&tr1=1.8&r2=text&tr2=1.10

Test Plan

tinderbox.

Currently running on my firewall/gateway and laptop.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cy created this revision.Jan 3 2018, 9:08 PM
Herald added a subscriber: imp. · View Herald TranscriptJan 3 2018, 9:08 PM
cy added a reviewer: rgrimes.Jan 4 2018, 1:27 AM
delphij requested changes to this revision.Jan 4 2018, 4:07 AM

Please see my comment inline. Other than that random number generation, the change looks fine to me.

sys/contrib/ipfilter/netinet/ip_state.c
317 ↗(On Diff #37483)

Could you please change this to the old FreeBSD condition (#if FREEBSD_GE_REV(400000)) instead? The change as-is means in userland the seed would be predictable which may have bad consequences.

5303 ↗(On Diff #37483)

NO ACTION REQUESTED: Just curious, how were these values chosen?

This revision now requires changes to proceed.Jan 4 2018, 4:07 AM
cy marked an inline comment as done.Jan 4 2018, 4:14 AM
cy added inline comments.
sys/contrib/ipfilter/netinet/ip_state.c
317 ↗(On Diff #37483)

Done.

The block should ultimately be removed but that's for a different revision.

cy updated this revision to Diff 37498.Jan 4 2018, 4:16 AM
cy marked an inline comment as done.
cy marked an inline comment as done.
delphij accepted this revision.Jan 4 2018, 4:38 AM

Looks good to me.

This revision is now accepted and ready to land.Jan 4 2018, 4:38 AM
rgrimes accepted this revision.Jan 4 2018, 2:01 PM

On visual inspection this looks good, I do not run pf or stateful so I can not do any real world testing. Please make sure the commit message includes a comment about refactoring common code to a new function ipf_state_seed_alloc.

Closed by commit rS327718: When growing the state, also grow the seed array. Otherwise memory (authored by cy). · Explain WhyJan 9 2018, 6:44 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
contrib/
ipfilter/
netinet/
61 lines

Diff 37668

View Options

head/sys/contrib/ipfilter/netinet/ip_state.c

Loading...