
Resolve ipfilter seed array size panic
ClosedPublic

Authored by cy on Jan 3 2018, 9:08 PM.
Details

Summary

When growing the state, remember to grow the seed array, otherwise we'll end
up accessing memory we did not allocate.

Submitted by christos@netbsd.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/external/bsd/ipf/netinet/ip_state.c.diff?only_with_tag=MAIN&r1=text&tr1=1.8&r2=text&tr2=1.10
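The summary describes a size mismatch between two parallel arrays: the state hash table is grown, but the seed array that is indexed alongside it keeps its old length, so any slot beyond the old size reads seed memory that was never allocated. The following is an added illustration, not ipfilter's code and not the patch under review: a hypothetical `state_table` with a per-slot `seeds[]` array, the "before" resize that grows only the buckets, and the fixed resize that allocates both arrays through one common helper (the review below asks for such a helper, `ipf_state_seed_alloc`, in the real patch; `seed_alloc` here is a stand-in). The seed generator is a constructed LCG so the example runs offline; the point raised at line 317 of the review, that the real seeds must come from a proper random source in the kernel, still applies. The `nseeds` field and the bounds check in `state_slot` are added so the mismatch is caught as an error instead of an out-of-bounds read.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical table: the shape of the problem, not ipfilter's structure. */
struct state_table {
    size_t    size;    /* number of hash slots (length of buckets[]) */
    size_t    nseeds;  /* length of seeds[]; must equal size after a resize */
    void    **buckets; /* slot heads, left empty in this example */
    uint32_t *seeds;   /* per-slot hash perturbation */
};

/* Constructed seed generator (an LCG) so the example runs offline. In a
 * kernel build this would draw from the kernel RNG instead. */
static uint32_t seed_next(uint32_t *rng)
{
    *rng = *rng * 1664525u + 1013904223u;
    return *rng;
}

/* Allocate and fill exactly n seeds: the common helper every allocation and
 * resize path must call together with the bucket allocation. */
static uint32_t *seed_alloc(size_t n, uint32_t *rng)
{
    uint32_t *s = calloc(n, sizeof(*s));
    if (s == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        s[i] = seed_next(rng);
    return s;
}

int state_init(struct state_table *t, size_t n, uint32_t *rng)
{
    t->buckets = calloc(n, sizeof(*t->buckets));
    t->seeds = seed_alloc(n, rng);
    if (t->buckets == NULL || t->seeds == NULL) {
        free(t->buckets);
        free(t->seeds);
        t->buckets = NULL;
        t->seeds = NULL;
        t->size = t->nseeds = 0;
        return -1;
    }
    t->size = n;
    t->nseeds = n;
    return 0;
}

/* The "before" shape of the defect: buckets[] grows, seeds[] does not. */
int state_resize_buggy(struct state_table *t, size_t newsize)
{
    void **nb = calloc(newsize, sizeof(*nb));
    if (nb == NULL)
        return -1;
    free(t->buckets);
    t->buckets = nb;
    t->size = newsize;            /* nseeds still holds the old length */
    return 0;
}

/* The fixed shape: both arrays are replaced together, and nothing old is
 * released until both new allocations have succeeded. */
int state_resize(struct state_table *t, size_t newsize, uint32_t *rng)
{
    void **nb = calloc(newsize, sizeof(*nb));
    uint32_t *ns = seed_alloc(newsize, rng);
    if (nb == NULL || ns == NULL) {
        free(nb);
        free(ns);
        return -1;
    }
    free(t->buckets);
    free(t->seeds);
    t->buckets = nb;
    t->seeds = ns;
    t->size = newsize;
    t->nseeds = newsize;
    return 0;
}

/* Map a flow key to a slot: the first index selects a seed and the seed
 * perturbs the final slot. Returns -1 instead of reading past seeds[] when
 * the two arrays are out of step, which is the access the fix prevents. */
long state_slot(const struct state_table *t, uint32_t key)
{
    size_t idx = key % t->size;
    if (idx >= t->nseeds)
        return -1;
    return (long)((key ^ t->seeds[idx]) % t->size);
}

void state_free(struct state_table *t)
{
    free(t->buckets);
    free(t->seeds);
    t->buckets = NULL;
    t->seeds = NULL;
    t->size = t->nseeds = 0;
}
```

With a four-slot table grown to sixteen, `state_resize_buggy` leaves `nseeds` at 4, so `state_slot` refuses any key whose first index lands in slots 4 to 15; after `state_resize` the lookup succeeds for every key. Without the explicit length and check, the same lookup would silently read twelve seeds' worth of memory beyond the allocation, which is the panic the revision title refers to.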

Test Plan

tinderbox.

Currently running on my firewall/gateway and laptop.

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

delphij requested changes to this revision. Jan 4 2018, 4:07 AM

Please see my comment inline. Other than that random number generation, the change looks fine to me.

sys/contrib/ipfilter/netinet/ip_state.c
Line 317 (On Diff #37483)

Could you please change this to the old FreeBSD condition (#if FREEBSD_GE_REV(400000)) instead? The change as-is means in userland the seed would be predictable which may have bad consequences.

Line 5303 (On Diff #37483)

NO ACTION REQUESTED: Just curious, how were these values chosen?

This revision now requires changes to proceed. Jan 4 2018, 4:07 AM
cy marked an inline comment as done. Jan 4 2018, 4:14 AM
cy added inline comments.
sys/contrib/ipfilter/netinet/ip_state.c
Line 317 (On Diff #37483)

Done.

The block should ultimately be removed but that's for a different revision.

cy marked an inline comment as done.
cy marked an inline comment as done.
This revision is now accepted and ready to land. Jan 4 2018, 4:38 AM

On visual inspection this looks good. I do not run pf or stateful, so I cannot do any real-world testing. Please make sure the commit message includes a comment about refactoring common code to a new function ipf_state_seed_alloc.

This revision was automatically updated to reflect the committed changes.