Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Oct 2025 13:02:00 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: c839eecec5e2 - stable/13 - ipfw: Check for errors from sooptcopyin() and sooptcopyout()
Message-ID:  <202510221302.59MD20Bx011287@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=c839eecec5e25c7a998a274107ab073444fc5d6a

commit c839eecec5e25c7a998a274107ab073444fc5d6a
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-10-14 13:33:13 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-10-21 13:13:03 +0000

    ipfw: Check for errors from sooptcopyin() and sooptcopyout()
    
    Note, it looks like this code may be unused since commit 4a77657cbc01
    ("ipfw: migrate ipfw to 32-bit size rule numbers").  In particular, it
    looks like the ipfw_nat_*_ptr pointers are unused now.
    
    Reviewed by:    ae
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D53068
    
    (cherry picked from commit 2df39ce5d4a8836ef5fd3c2666f48041042eff42)
---
 sys/netpfil/ipfw/ip_fw_nat.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c
index 8920e8d3e713..bd33d73ed013 100644
--- a/sys/netpfil/ipfw/ip_fw_nat.c
+++ b/sys/netpfil/ipfw/ip_fw_nat.c
@@ -999,9 +999,11 @@ ipfw_nat_del(struct sockopt *sopt)
 {
 	struct cfg_nat *ptr;
 	struct ip_fw_chain *chain = &V_layer3_chain;
-	int i;
+	int error, i;
 
-	sooptcopyin(sopt, &i, sizeof i, sizeof i);
+	error = sooptcopyin(sopt, &i, sizeof i, sizeof i);
+	if (error != 0)
+		return (error);
 	/* XXX validate i */
 	IPFW_UH_WLOCK(chain);
 	ptr = lookup_nat(&chain->nat, i);
@@ -1104,7 +1106,7 @@ ipfw_nat_get_log(struct sockopt *sopt)
 {
 	uint8_t *data;
 	struct cfg_nat *ptr;
-	int i, size;
+	int error, i, size;
 	struct ip_fw_chain *chain;
 	IPFW_RLOCK_TRACKER;
 
@@ -1134,9 +1136,9 @@ ipfw_nat_get_log(struct sockopt *sopt)
 		i += LIBALIAS_BUF_SIZE;
 	}
 	IPFW_RUNLOCK(chain);
-	sooptcopyout(sopt, data, size);
+	error = sooptcopyout(sopt, data, size);
 	free(data, M_IPFW);
-	return(0);
+	return (error);
 }
 
 static int
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510221302.59MD20Bx011287>