Diffusion FreeBSD src repository - subversion rS82345

the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold information
rS82345Unpublished
Actions

Unpublished Commit · Learn More

No further details are available.

Description

the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold information
about rules and dynamic rules. it later fills this buffer with these
rules.

it also takes the opporunity to compare the expiration of the dynamic
rules with the current time and either marks them for deletion or simply
charges the countdown.

unfortunatly it does this all (the sizing, the buffer copying, and the
expiration GC) with no spl protection whatsoever. it was possible for
the dynamic rule(s) to be ripped out from under the request before it
had completed, resulting in corrupt memory dereferencing.

Reviewed by: ps
MFC before: 4.4-RELEASE, hopefully.

Details

Provenance

billf

Authored on

Parents

rS82344: Alpha uses openjade i.s.o. jade for docs generation. So go out

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (1)

Path

Size

head/

sys/

netinet/

ip_fw.c

rS82345

View Options

the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold informationrS82345UnpublishedActions