Date: Sun, 26 Aug 2001 03:09:48 -0700 (PDT) From: Bill Fumerola <billf@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw.c Message-ID: <200108261009.f7QA9mk51468@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
billf 2001/08/26 03:09:48 PDT
Modified files:
sys/netinet ip_fw.c
Log:
the IP_FW_GET code in ip_fw_ctl() sizes a buffer to hold information
about rules and dynamic rules. it later fills this buffer with these
rules.
it also takes the opporunity to compare the expiration of the dynamic
rules with the current time and either marks them for deletion or simply
charges the countdown.
unfortunatly it does this all (the sizing, the buffer copying, and the
expiration GC) with no spl protection whatsoever. it was possible for
the dynamic rule(s) to be ripped out from under the request before it
had completed, resulting in corrupt memory dereferencing.
Reviewed by: ps
MFC before: 4.4-RELEASE, hopefully.
Revision Changes Path
1.166 +4 -1 src/sys/netinet/ip_fw.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108261009.f7QA9mk51468>