diff options
| author | melifaro <melifaro@FreeBSD.org> | 2016-01-21 18:20:40 +0000 |
|---|---|---|
| committer | melifaro <melifaro@FreeBSD.org> | 2016-01-21 18:20:40 +0000 |
| commit | acae2332ede82f1e6d8c0cab1c5a204a8f6d95d0 (patch) | |
| tree | 6104bfa6ff42502e77eea7497c28029d03c4b7a8 /sys/netpfil | |
| parent | 782c60a71700572e664e5dfc8f70a6727d616396 (diff) | |
| download | FreeBSD-src-acae2332ede82f1e6d8c0cab1c5a204a8f6d95d0.zip FreeBSD-src-acae2332ede82f1e6d8c0cab1c5a204a8f6d95d0.tar.gz | |
Fix panic on table/table entry delete. The panic could have happened
if more than 64 distinct values had been used.
Table value code uses internal objhash API which requires unique key
for each object. For value code, pointer to the actual value data
is used. The actual problem arises from the fact that 'actual' e.g.
runtime data is stored in array and that array is auto-growing. There is
special hook (update_tvalue() function) which is used to update the pointers
after the change. For some reason, object 'key' was not updated.
Fix this by adding update code to the update_tvalue().
Sponsored by: Yandex LLC
Diffstat (limited to 'sys/netpfil')
| -rw-r--r-- | sys/netpfil/ipfw/ip_fw_table_value.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/netpfil/ipfw/ip_fw_table_value.c b/sys/netpfil/ipfw/ip_fw_table_value.c index c8c755c..a196b03 100644 --- a/sys/netpfil/ipfw/ip_fw_table_value.c +++ b/sys/netpfil/ipfw/ip_fw_table_value.c @@ -158,6 +158,7 @@ update_tvalue(struct namedobj_instance *ni, struct named_object *no, void *arg) pval = da->pval; ptv->pval = &pval[ptv->no.kidx]; + ptv->no.name = (char *)&pval[ptv->no.kidx]; } |
