Date:      Wed, 07 Jan 2026 13:50:55 +0000
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: b87f70f695f1 - stable/14 - pfsync: Avoid zeroing the state export union
Message-ID:  <695e64bf.3f1e5.7e90dc26@gitrepo.freebsd.org>


The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b87f70f695f1ed21e0e7867f0c60778c3737d1a7

commit b87f70f695f1ed21e0e7867f0c60778c3737d1a7
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-12-14 15:48:27 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2026-01-07 13:50:37 +0000

    pfsync: Avoid zeroing the state export union
    
    pfsync_state_export() takes a pointer to a union that is in reality a
    pointer to one of the three state formats (1301, 1400, 1500), and zeros
    the union.  The three formats do not have the same size, so zeroing is
    wrong when the format isn't that which has the largest size.
    
    Refactor a bit so that the zeroing happens at the layer where we know
    which format we're dealing with.
    
    Reported by:    CHERI
    Reviewed by:    kp
    MFC after:      1 week
    Sponsored by:   CHERI Research Centre (EPSRC grant UKRI3001)
    Differential Revision:  https://reviews.freebsd.org/D54163
    
    (cherry picked from commit 796abca7e281f0d4b7f72f48da4f941e1c8b139c)
---
 sys/net/pfvar.h            |  6 ++++--
 sys/netpfil/pf/if_pfsync.c | 10 ++++++----
 sys/netpfil/pf/pf_ioctl.c  | 26 +++++++++++++++++++-------
 3 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index de18ead7281e..c8ea58770c7d 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1198,8 +1198,10 @@ VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
 #define V_pfsync_defer_ptr		VNET(pfsync_defer_ptr)
 extern pfsync_detach_ifnet_t	*pfsync_detach_ifnet_ptr;
 
-void			pfsync_state_export(union pfsync_state_union *,
-			    struct pf_kstate *, int);
+void			pfsync_state_export_1301(struct pfsync_state_1301 *,
+			    struct pf_kstate *);
+void			pfsync_state_export_1400(struct pfsync_state_1400 *,
+			    struct pf_kstate *);
 void			pf_state_export(struct pf_state_export *,
 			    struct pf_kstate *);
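Review bot: The two new prototypes replace a single union-plus-version entry point but carry no comment describing what the callee expects of the buffer it is handed, and the neighbouring `pf_state_export` declaration is equally bare. A short comment above the pair, e.g. `/* Zero *sp and fill it with the 1301/1400 wire encoding of st. */`, would record the contract at the point where callers look it up. The zeroing is what the definitions in pf_ioctl.c do, so the comment describes the visible behaviour rather than an inference.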
 
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index cf46a8da94df..6b828989c54d 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1700,17 +1700,19 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 static void
 pfsync_out_state_1301(struct pf_kstate *st, void *buf)
 {
-	union pfsync_state_union *sp = buf;
+	struct pfsync_state_1301 *sp;
 
-	pfsync_state_export(sp, st, PFSYNC_MSG_VERSION_1301);
+	sp = buf;
+	pfsync_state_export_1301(sp, st);
 }
 
 static void
 pfsync_out_state_1400(struct pf_kstate *st, void *buf)
 {
-	union pfsync_state_union *sp = buf;
+	struct pfsync_state_1400 *sp;
 
-	pfsync_state_export(sp, st, PFSYNC_MSG_VERSION_1400);
+	sp = buf;
+	pfsync_state_export_1400(sp, st);
 }
 
 static void
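Review bot: In `pfsync_out_state_1301` the local `sp` now exists only to convert `buf` from `void *`, which C does implicitly, so `pfsync_state_export_1301(buf, st);` would read more directly; the same applies to `pfsync_out_state_1400` just below it. If the separate declaration and assignment is kept for style(9) reasons that is fine, but then the variable name should at least not suggest it carries any extra meaning. Either way, the requirement that `buf` holds at least `sizeof(struct pfsync_state_1301)` bytes now rests entirely on the caller of these output routines, which a one-line comment on each could state.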
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index cf53ea638095..c7eefdf6e34c 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3729,8 +3729,7 @@ DIOCCHANGERULE_error:
 			break;
 		}
 
-		pfsync_state_export((union pfsync_state_union*)&ps->state,
-		    s, PFSYNC_MSG_VERSION_1301);
+		pfsync_state_export_1301(&ps->state, s);
 		PF_STATE_UNLOCK(s);
 		break;
 	}
@@ -3795,8 +3794,7 @@ DIOCGETSTATES_retry:
 				if (s->timeout == PFTM_UNLINKED)
 					continue;
 
-				pfsync_state_export((union pfsync_state_union*)p,
-				    s, PFSYNC_MSG_VERSION_1301);
+				pfsync_state_export_1301(p, s);
 				p++;
 				nr++;
 			}
@@ -5656,11 +5654,9 @@ fail:
 	return (error);
 }
 
-void
+static void
 pfsync_state_export(union pfsync_state_union *sp, struct pf_kstate *st, int msg_version)
 {
-	bzero(sp, sizeof(union pfsync_state_union));
-
 	/* copy from state key */
 	sp->pfs_1301.key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
 	sp->pfs_1301.key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
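Review bot: With the `bzero` removed, `pfsync_state_export` now relies on its caller having cleared the destination, but nothing in the function states that precondition; because the record is copied to userland or sent on the wire, a future caller that skips the clearing would export whatever kernel memory the buffer previously held. A comment above the definition such as `/* Callers must zero *sp first; only fields that have a value are written here. */` would make the contract explicit, and marking the function `static` helps keep that set of callers local. The body continues past this hunk, and the two wrappers added in the next hunk appear to be its only callers and do perform the zeroing.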
@@ -5743,6 +5739,22 @@ pfsync_state_export(union pfsync_state_union *sp, struct pf_kstate *st, int msg_
 	pf_state_counter_hton(st->bytes[1], sp->pfs_1301.bytes[1]);
 }
 
+void
+pfsync_state_export_1301(struct pfsync_state_1301 *sp, struct pf_kstate *st)
+{
+	bzero(sp, sizeof(*sp));
+	pfsync_state_export((union pfsync_state_union *)sp, st,
+	    PFSYNC_MSG_VERSION_1301);
+}
+
+void
+pfsync_state_export_1400(struct pfsync_state_1400 *sp, struct pf_kstate *st)
+{
+	bzero(sp, sizeof(*sp));
+	pfsync_state_export((union pfsync_state_union *)sp, st,
+	    PFSYNC_MSG_VERSION_1400);
+}
+
 void
 pf_state_export(struct pf_state_export *sp, struct pf_kstate *st)
 {


