
MFC r327718:

Description

MFC r327718:

When growing the state, also grow the seed array. Otherwise memory
that was not allocated will be accessed.

This necessitated refactoring state seed allocation from
ipf_state_soft_init() into a new common ipf_state_seed_alloc() function
as it is now also used by ipf_state_rehash() when changing the size of
the state hash table in addition to by ipf_state_soft_init() during
initialization.

According to Christos Zoulas <christos@NetBSD.org>:

The bug was encountered by a NetBSD vendor whose customer machines had
large ipfilter states. The bug was reliably triggered by resizing the
state variables using "ipf -T".

Submitted by: Christos Zoulas <christos@NetBSD.org>
Reviewed by: delphij, rgrimes
Obtained from: NetBSD ip_state.c CVS revs r1.9 and r1.10
Differential Revision: https://reviews.freebsd.org/D13755
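
The pattern the commit message describes, a shared seed allocator called from both the init path and the resize path, shown as an added example; this is not the FreeBSD or NetBSD ipfilter source. All names (`struct tab`, `seed_alloc`, `tab_rehash`, ...), the way the seed is mixed into the bucket index, and the use of `rand()` as a stand-in RNG are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdlib.h>

struct ent { uint32_t key; struct ent *next; };
struct tab { struct ent **bkt; uint32_t *seed; size_t size; };

/* One allocator for init and resize, so seed[] always has n slots. */
static uint32_t *seed_alloc(size_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(uint32_t)) return NULL;
    uint32_t *s = malloc(n * sizeof(*s));
    for (size_t i = 0; s != NULL && i < n; i++) s[i] = (uint32_t)rand();
    return s;
}
/* Reads seed[key % n]: out of bounds if seed[] is shorter than n. */
static size_t slot(const uint32_t *seed, size_t n, uint32_t key) {
    return (key ^ seed[key % n]) % n;
}
int tab_init(struct tab *t, size_t n) {
    t->seed = seed_alloc(n);
    t->bkt = t->seed ? calloc(n, sizeof(*t->bkt)) : NULL;
    t->size = t->bkt ? n : 0;
    if (t->bkt == NULL) { free(t->seed); t->seed = NULL; }
    return t->bkt ? 0 : -1;
}
int tab_insert(struct tab *t, uint32_t key) {
    struct ent *e = malloc(sizeof(*e));
    if (e == NULL) return -1;
    size_t i = slot(t->seed, t->size, key);
    e->key = key; e->next = t->bkt[i]; t->bkt[i] = e;
    return 0;
}
/* Resize: build both new arrays, relink every entry, then swap. */
int tab_rehash(struct tab *t, size_t n) {
    uint32_t *ns = seed_alloc(n);
    struct ent **nb = ns ? calloc(n, sizeof(*nb)) : NULL;
    if (nb == NULL) { free(ns); return -1; }   /* old table untouched */
    for (size_t i = 0; i < t->size; i++)
        for (struct ent *e = t->bkt[i], *nx; e != NULL; e = nx) {
            size_t j = slot(ns, n, e->key);
            nx = e->next; e->next = nb[j]; nb[j] = e;
        }
    free(t->bkt); free(t->seed);
    t->bkt = nb; t->seed = ns; t->size = n;
    return 0;
}
int tab_has(const struct tab *t, uint32_t key) {
    struct ent *e = t->bkt[slot(t->seed, t->size, key)];
    while (e != NULL && e->key != key) e = e->next;
    return e != NULL;
}
```

Because the new seed array is allocated before anything is freed or swapped, a failed resize leaves the old table, seed array and size consistent with each other.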

Details

Provenance: authored by cy
Reviewer: delphij
Differential Revision: D13755: Resolve ipfilter seed array size panic
Parents: rS328273: Document how to load nmdm(4) from a kernel module.