From owner-svn-src-all@freebsd.org Sun Jan 29 18:41:11 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51C60CC7E37; Sun, 29 Jan 2017 18:41:11 +0000 (UTC) (envelope-from loos@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EE2221199; Sun, 29 Jan 2017 18:41:10 +0000 (UTC) (envelope-from loos@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v0TIfA1q018510; Sun, 29 Jan 2017 18:41:10 GMT (envelope-from loos@FreeBSD.org) Received: (from loos@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v0TIfANX018509; Sun, 29 Jan 2017 18:41:10 GMT (envelope-from loos@FreeBSD.org) Message-Id: <201701291841.v0TIfANX018509@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: loos set sender to loos@FreeBSD.org using -f From: Luiz Otavio O Souza Date: Sun, 29 Jan 2017 18:41:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r312953 - head/sys/net X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 29 Jan 2017 18:41:11 -0000 Author: loos Date: Sun Jan 29 18:41:09 2017 New Revision: 312953 URL: https://svnweb.freebsd.org/changeset/base/312953 Log: The stf(4) interface name does not conform with the default naming convention for interfaces, because only one stf(4) interface can exist in the system. This disallow the use of unit numbers different than 0, however, it is possible to create the clone without specify the unit number (wildcard). In the wildcard case we must update the interface name before return. This fix an infinite recursion in pf code that keeps track of network interfaces and groups: 1 - a group for the cloned type of the interface is added (stf in this case); 2 - the system will now try to add an interface named stf (instead of stf0) to stf group; 3 - when pfi_kif_attach() tries to search for an already existing 'stf' interface, the 'stf' group is returned and thus the group is added as an interface of itself; This will now cause a crash at the first attempt to traverse the groups which the stf interface belongs (which loops over itself). Obtained from: pfSense MFC after: 2 weeks Sponsored by: Rubicon Communications, LLC (Netgate) Modified: head/sys/net/if_stf.c Modified: head/sys/net/if_stf.c ============================================================================== --- head/sys/net/if_stf.c Sun Jan 29 16:54:55 2017 (r312952) +++ head/sys/net/if_stf.c Sun Jan 29 18:41:09 2017 (r312953) @@ -202,10 +202,16 @@ stf_clone_match(struct if_clone *ifc, co static int stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) { - int err, unit; + char *dp; + int err, unit, wildcard; struct stf_softc *sc; struct ifnet *ifp; + err = ifc_name2unit(name, &unit); + if (err != 0) + return (err); + wildcard = (unit < 0); + /* * We can only have one unit, but since unit allocation is * already locked, we use it to keep from allocating extra @@ -229,7 +235,20 @@ stf_clone_create(struct if_clone *ifc, c /* * Set the name manually rather then using if_initname because * we don't conform to the default naming convention for interfaces. + * In the wildcard case, we need to update the name. */ + if (wildcard) { + for (dp = name; *dp != '\0'; dp++); + if (snprintf(dp, len - (dp-name), "%d", unit) > + len - (dp-name) - 1) { + /* + * This can only be a programmer error and + * there's no straightforward way to recover if + * it happens. + */ + panic("if_clone_create(): interface name too long"); + } + } strlcpy(ifp->if_xname, name, IFNAMSIZ); ifp->if_dname = stfname; ifp->if_dunit = IF_DUNIT_NONE;