
Resolve ipfilter seed array size panic
ClosedPublic

Authored by cy on Jan 3 2018, 9:08 PM.

Details

Summary

When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.

Submitted by christos@netbsd.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/external/bsd/ipf/netinet/ip_state.c.diff?only_with_tag=MAIN&r1=text&tr1=1.8&r2=text&tr2=1.10

Test Plan

tinderbox.

Currently running on my firewall/gateway and laptop.
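The two points on this page, that a per-bucket seed array has to be resized together with the bucket array it parallels (the summary), and that the seeds must come from an unpredictable source (delphij's inline comment), as an added worked example in C. This is not ipfilter's or the revision's code: the struct and function names (state_table, state_seed_alloc, state_table_grow_buggy, state_table_grow_fixed) are this example's own, the hash mixing is illustrative, and the xorshift generator stands in for arc4random() only so the run is reproducible.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Miniature stateful-filter hash table: a bucket array plus a parallel
 * per-bucket seed array.  Added example, not ipfilter's code; every name
 * here is this example's own. */
struct state_table {
    size_t    size;      /* number of hash buckets */
    void    **buckets;   /* size entries */
    size_t    seed_len;  /* entries actually allocated in seeds */
    uint32_t *seeds;     /* meant to hold one entry per bucket */
};

/* xorshift32 stand-in for the kernel RNG so the run is reproducible.  Real
 * code must draw seeds from a CSPRNG (arc4random() in the FreeBSD kernel):
 * a fixed or weak seed makes bucket placement predictable. */
static uint32_t rng_next(uint32_t *st)
{
    uint32_t x = *st;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *st = x;
}

/* (Re)allocate the seed array to n entries and fill it from the RNG: one
 * shared path for initial allocation and for growth. */
static int state_seed_alloc(struct state_table *t, size_t n, uint32_t *rng)
{
    uint32_t *s = calloc(n, sizeof *s);
    if (s == NULL) return -1;
    for (size_t i = 0; i < n; i++) s[i] = rng_next(rng);
    free(t->seeds);
    t->seeds = s;
    t->seed_len = n;
    return 0;
}

static int bucket_alloc(struct state_table *t, size_t n)
{
    void **b = calloc(n, sizeof *b);
    if (b == NULL) return -1;
    free(t->buckets);
    t->buckets = b;
    t->size = n;
    return 0;
}

int state_table_init(struct state_table *t, size_t n, uint32_t *rng)
{
    t->buckets = NULL; t->seeds = NULL; t->size = t->seed_len = 0;
    if (bucket_alloc(t, n) != 0) return -1;
    return state_seed_alloc(t, n, rng);
}

/* The bug: only the bucket array grows; seeds keeps its old length. */
int state_table_grow_buggy(struct state_table *t, size_t n)
{
    return bucket_alloc(t, n);
}

/* The fix: grow both arrays so every bucket index has a seed. */
int state_table_grow_fixed(struct state_table *t, size_t n, uint32_t *rng)
{
    if (bucket_alloc(t, n) != 0) return -1;
    return state_seed_alloc(t, n, rng);
}

/* Seeded bucket index for a key; returns -1 where the unfixed code would
 * have read past the end of the seed array. */
long state_table_hash(const struct state_table *t, uint32_t key)
{
    size_t idx = key % t->size;
    if (idx >= t->seed_len) return -1;
    uint32_t h = key ^ t->seeds[idx];
    h ^= h >> 16; h *= 0x7feb352dU; h ^= h >> 15;
    return (long)(h % t->size);
}

void state_table_free(struct state_table *t) { free(t->buckets); free(t->seeds); }

/* Scenario: 4 buckets, grow to 16 the buggy way (key 7 now maps to a bucket
 * with no seed), then the fixed way.  Returns 0 on the expected outcome,
 * otherwise the number of the step that went wrong. */
int state_table_demo(void)
{
    uint32_t rng = 0x9e3779b9u;
    struct state_table t;
    int rc;
    if (state_table_init(&t, 4, &rng) != 0) return 1;
    if (state_table_hash(&t, 7) < 0) rc = 2;
    else if (state_table_grow_buggy(&t, 16) != 0) rc = 3;
    else if (state_table_hash(&t, 7) != -1) rc = 4;
    else if (state_table_grow_fixed(&t, 16, &rng) != 0) rc = 5;
    else if (t.seed_len != t.size || state_table_hash(&t, 7) < 0) rc = 6;
    else rc = 0;
    state_table_free(&t);
    return rc;
}

int main(void) { int rc = state_table_demo(); printf("rc=%d\n", rc); return rc; }
```

The bounds check in state_table_hash is what makes the bug visible here; the real code had no such check and simply read whatever followed the old seed array. Keeping one allocation routine (state_seed_alloc above) for both the initial and the grown table is the same idea as the ipf_state_seed_alloc refactor the reviewer asks to be mentioned in the commit message, so that the two code paths cannot drift apart again.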

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 14102

Event Timeline

delphij requested changes to this revision. Jan 4 2018, 4:07 AM

Please see my comment inline. Other than that random number generation, the change looks fine to me.

sys/contrib/ipfilter/netinet/ip_state.c, line 317:

Could you please change this to the old FreeBSD condition (#if FREEBSD_GE_REV(400000)) instead? The change as-is means in userland the seed would be predictable, which may have bad consequences.

sys/contrib/ipfilter/netinet/ip_state.c, line 5303:

NO ACTION REQUESTED: Just curious, how were these values chosen?

This revision now requires changes to proceed. Jan 4 2018, 4:07 AM
cy marked an inline comment as done. Jan 4 2018, 4:14 AM
cy added inline comments.
sys/contrib/ipfilter/netinet/ip_state.c, line 317:

Done.

The block should ultimately be removed but that's for a different revision.

cy marked an inline comment as done.
cy marked an inline comment as done.
This revision is now accepted and ready to land. Jan 4 2018, 4:38 AM

On visual inspection this looks good. I do not run pf or stateful, so I cannot do any real-world testing. Please make sure the commit message includes a comment about refactoring common code to a new function ipf_state_seed_alloc.

This revision was automatically updated to reflect the committed changes.