author | dhartmei <dhartmei@FreeBSD.org> | 2004-05-02 20:47:24 +0000 |
---|---|---|
committer | dhartmei <dhartmei@FreeBSD.org> | 2004-05-02 20:47:24 +0000 |
commit | 56d46e84bd464d7e26b3c50724f0fb97c0b3ac7d (patch) | |
tree | 031d3b9d65e16026479cd09076ecd80360a60692 /sys/contrib/pf | |
parent | 381147f827eecf43612e38ce48ba04dd0d45e927 (diff) | |
Commit three imported bugfixes from OpenBSD 3.4-stable:
- change pf_get_pool() argument rule_number type from u_int32_t
to u_int8_t, fixes corruption of address pools with large
rulesets (mcbride@)
- prevent endless loops with route-to (dhartmei@)
- limit option length to 2 octets max (frantzen@)
Obtained from: OpenBSD
Approved by: mlaier(mentor), bms(mentor)
Diffstat (limited to 'sys/contrib/pf')
-rw-r--r-- | sys/contrib/pf/net/pf.c | 19 | ||||
-rw-r--r-- | sys/contrib/pf/net/pf_ioctl.c | 6 | ||||
-rw-r--r-- | sys/contrib/pf/net/pf_norm.c | 10 |
3 files changed, 16 insertions, 19 deletions
diff --git a/sys/contrib/pf/net/pf.c b/sys/contrib/pf/net/pf.c
index d492096..141b431 100644
--- a/sys/contrib/pf/net/pf.c
+++ b/sys/contrib/pf/net/pf.c
@@ -1,5 +1,5 @@
 /* $FreeBSD$ */
-/* $OpenBSD: pf.c,v 1.389.2.3 2004/04/10 09:38:19 brad Exp $ */
+/* $OpenBSD: pf.c,v 1.389.2.4 2004/04/30 23:27:57 brad Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -5049,17 +5049,14 @@ pf_route(struct mbuf **m, struct pf_rule *r, int dir, struct ifnet *oifp,
 	if (ifp == NULL)
 		goto bad;
 
-	mtag = m_tag_find(m0, PACKET_TAG_PF_ROUTED, NULL);
-	if (mtag == NULL) {
-		struct m_tag *mtag;
-
-		mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 0, M_NOWAIT);
-		if (mtag == NULL)
-			goto bad;
-		m_tag_prepend(m0, mtag);
-	}
+	if (m_tag_find(m0, PACKET_TAG_PF_ROUTED, NULL) != NULL)
+		goto bad;
+	mtag = m_tag_get(PACKET_TAG_PF_ROUTED, 0, M_NOWAIT);
+	if (mtag == NULL)
+		goto bad;
+	m_tag_prepend(m0, mtag);
 
-	if (oifp != ifp && mtag == NULL) {
+	if (oifp != ifp) {
 #ifdef __FreeBSD__
 		PF_UNLOCK();
 		if (pf_test(PF_OUT, ifp, &m0) != PF_PASS) {
diff --git a/sys/contrib/pf/net/pf_ioctl.c b/sys/contrib/pf/net/pf_ioctl.c
index 893262c..298baf2 100644
--- a/sys/contrib/pf/net/pf_ioctl.c
+++ b/sys/contrib/pf/net/pf_ioctl.c
@@ -1,5 +1,5 @@
 /* $FreeBSD$ */
-/* $OpenBSD: pf_ioctl.c,v 1.81.2.1 2004/03/28 01:34:15 brad Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.81.2.2 2004/04/30 23:28:58 brad Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -106,7 +106,7 @@ int pfopen(dev_t, int, int, struct proc *);
 int pfclose(dev_t, int, int, struct proc *);
 #endif
 struct pf_pool *pf_get_pool(char *, char *, u_int32_t,
-	u_int8_t, u_int8_t, u_int8_t, u_int8_t, u_int8_t);
+	u_int8_t, u_int32_t, u_int8_t, u_int8_t, u_int8_t);
 int pf_get_ruleset_number(u_int8_t);
 void pf_init_ruleset(struct pf_ruleset *);
 void pf_mv_pool(struct pf_palist *, struct pf_palist *);
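Review bot: The new `goto bad` taken when the packet already carries PACKET_TAG_PF_ROUTED has no comment saying why a tagged packet is discarded, and the reason — a second pass through pf_route on the same mbuf means a route-to loop — is not obvious from the lines themselves; I would add `/* Already routed once: a second route-to pass means a loop, so drop. */` above the m_tag_find() check. The drop is silent as far as the hunk shows (no counter or log call), so a looping route-to configuration will surface only as missing traffic; whether the `bad:` label accounts for it cannot be seen here. Removing the block-local `struct m_tag *mtag` means the assignment now targets the function-scope mtag, which the removed `mtag = m_tag_find(...)` line shows already existed. pf_route's body starts and ends outside the hunk.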
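Review bot: The commit message states the rule_number change backwards: this hunk widens the fifth parameter of pf_get_pool() from u_int8_t to u_int32_t (and the definition at @@ -449,7 +449,7 @@ in the same file does the same), whereas the description says "from u_int32_t to u_int8_t". With the old u_int8_t parameter any rule number of 256 or more was silently reduced modulo 256 at the call, which matches the pool-corruption symptom the message describes, so the wider type is the right direction. Any caller that still holds rule_number in an 8-bit variable would truncate before the call; the callers are outside the hunk, so that is worth a check.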
@@ -449,7 +449,7 @@ pfclose(dev_t dev, int flags, int fmt, struct proc *p)
 
 struct pf_pool *
 pf_get_pool(char *anchorname, char *rulesetname, u_int32_t ticket,
-    u_int8_t rule_action, u_int8_t rule_number, u_int8_t r_last,
+    u_int8_t rule_action, u_int32_t rule_number, u_int8_t r_last,
     u_int8_t active, u_int8_t check_ticket)
 {
 	struct pf_ruleset *ruleset;
diff --git a/sys/contrib/pf/net/pf_norm.c b/sys/contrib/pf/net/pf_norm.c
index 9bba4e8..10f066e 100644
--- a/sys/contrib/pf/net/pf_norm.c
+++ b/sys/contrib/pf/net/pf_norm.c
@@ -1,5 +1,5 @@
 /* $FreeBSD$ */
-/* $OpenBSD: pf_norm.c,v 1.75 2003/08/29 01:49:08 dhartmei Exp $ */
+/* $OpenBSD: pf_norm.c,v 1.75.2.1 2004/04/30 23:28:36 brad Exp $ */
 
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
@@ -1535,8 +1535,8 @@ pf_normalize_tcp_init(struct mbuf *m, int off, struct pf_pdesc *pd,
 			}
 			/* FALLTHROUGH */
 		default:
-			hlen -= opt[1];
-			opt += opt[1];
+			hlen -= MAX(opt[1], 2);
+			opt += MAX(opt[1], 2);
 			break;
 		}
 	}
@@ -1649,8 +1649,8 @@ pf_normalize_tcp_stateful(struct mbuf *m, int off, struct pf_pdesc *pd,
 			}
 			/* FALLTHROUGH */
 		default:
-			hlen -= opt[1];
-			opt += opt[1];
+			hlen -= MAX(opt[1], 2);
+			opt += MAX(opt[1], 2);
 			break;
 		}
 	}
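Review bot: The clamp to `MAX(opt[1], 2)` in the default arm carries no comment explaining what it guards, and the identical two lines recur in pf_normalize_tcp_stateful at @@ -1649,8 +1649,8 @@; I would add `/* An option length below 2 (e.g. 0) would never advance opt; clamp so the loop always makes progress. */` above the first `hlen -=` in both places. The read of `opt[1]` is only in bounds if the enclosing loop guarantees at least two octets remain before this arm runs; that guard is outside the hunk, so it is worth confirming hlen is checked against 2 rather than merely 0. Because the two arms are byte-identical, a small static inline helper for the advance step would keep them from diverging again. Both enclosing functions start and end outside the hunks.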