From nobody Wed Jan 7 13:50:55 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dmTvh2lR0z6Mt1m for ; Wed, 07 Jan 2026 13:50:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dmTvg6TpZz3WY3 for ; Wed, 07 Jan 2026 13:50:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767793855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nZhAojCZQQUYWmXkfldOuGiLVjRwCDyVF3oVtJMfNSM=; b=NXaI8Ygwp99+nkGMebrVeffuPd4SNd9YE/7UpS4UC3gv7zcLsJh9fSXlqCglOTu+K9st4s HGioKr7+kw0SOMdogFsNYX50Nz+H3TtD2ZQeoqkd0nmGkaRxt+pWV8SZeZBp3mma1SB8ye FCnyz+fQg8hakT4BmBHSwXi+R70uy/VoeFCddx2QBwmkBlxLTNXegdFg3+WTrf0Fj3TdOW DYNicahRSmoj0vBAMrSHaFlHcceDpqQ+2tEpTq2+hhZSRmEmtGTt1jpjYebwT6ZTvQyu60 PZBqo7V+FCekUX7QsLZtUNHhbfgFVQAZ6E8E0Bve8NgJyJ0hy5QBMrMqAImZfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767793855; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=nZhAojCZQQUYWmXkfldOuGiLVjRwCDyVF3oVtJMfNSM=; b=l6OcMqICwTMnFh3UqLzXzRCDhUMLibTNLq1FKDhgihw986onYA1ViSBr2rC08HljuQvAlI EufMaFYaIpAjRBTqZTbMbT2gwbFsQPrGmpLF50Jje3Fh1AtbVdiqZnSXilDwjgMZ3+zKqI 
xtcJeP0fg27tkvm3iLJexVrq/7VxDuMwDLCQ1nuPFtJZg/uAnYWGxAc7HaSTbLKG29Lw5s mTz0k+hvPbuzLbLEeYZxuwYVTdNLYYjHSNOBFXjPhFObnJWwz15QJQSSBqtAQMt5WvC9wW aqROJqtKNd2gt/3P+zcu3VR8pwp61Cw0ZdmGfOpKbmQE90aAwQRFR4srY8moxQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1767793855; a=rsa-sha256; cv=none; b=TX3IWrzcZvc4E9lqrVYa2P9rfQQ4EBZZq4u6RBVPAK6eB/OGR9c3S7g9hc3kKOvRUcceug xeZN9UTo07KF+kzkck9mWSGmbqLb2IGUSdQncw6T0ydG7ElVZc7sD7FZDJzBMDy7McrFsk UvJIHJb/lPRRI5iwgEmnm9E9g8sStJev27gGM3SJFxdywUq1zWg7QSn/UywZZj9qDWPhg0 HufxPF4EKzD+gnFBgAxMkzbnHBcXzB20G6ZFh1tKCZScoBzbKzM/2gJzCXdiGZIFwMsN2W Qz/rV4cyRXrlpV6qOnx8BhEGzsQ29+rFjluZ/HxtLlgXkqUZqC7WrD9/c7nJjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dmTvg5tp1zvRV for ; Wed, 07 Jan 2026 13:50:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 3f1e5 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Wed, 07 Jan 2026 13:50:55 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org 
From: Mark Johnston Subject: git: b87f70f695f1 - stable/14 - pfsync: Avoid zeroing the state export union List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: b87f70f695f1ed21e0e7867f0c60778c3737d1a7 Auto-Submitted: auto-generated Date: Wed, 07 Jan 2026 13:50:55 +0000 Message-Id: <695e64bf.3f1e5.7e90dc26@gitrepo.freebsd.org> The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b87f70f695f1ed21e0e7867f0c60778c3737d1a7 commit b87f70f695f1ed21e0e7867f0c60778c3737d1a7 Author: Mark Johnston AuthorDate: 2025-12-14 15:48:27 +0000 Commit: Mark Johnston CommitDate: 2026-01-07 13:50:37 +0000 pfsync: Avoid zeroing the state export union pfsync_state_export() takes a pointer to a union that is in reality a pointer to one of the three state formats (1301, 1400, 1500), and zeros the union. The three formats do not have the same size, so zeroing is wrong when the format isn't that which has the largest size. Refactor a bit so that the zeroing happens at the layer where we know which format we're dealing with. Reported by: CHERI Reviewed by: kp MFC after: 1 week Sponsored by: CHERI Research Centre (EPSRC grant UKRI3001) Differential Revision: https://reviews.freebsd.org/D54163 (cherry picked from commit 796abca7e281f0d4b7f72f48da4f941e1c8b139c) --- sys/net/pfvar.h | 6 ++++-- sys/netpfil/pf/if_pfsync.c | 10 ++++++---- sys/netpfil/pf/pf_ioctl.c | 26 +++++++++++++++++++------- 3 files changed, 29 insertions(+), 13 deletions(-) diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h index de18ead7281e..c8ea58770c7d 100644 
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1198,8 +1198,10 @@ VNET_DECLARE(pfsync_defer_t *, pfsync_defer_ptr);
 #define V_pfsync_defer_ptr VNET(pfsync_defer_ptr)
 extern pfsync_detach_ifnet_t *pfsync_detach_ifnet_ptr;
-void pfsync_state_export(union pfsync_state_union *,
- struct pf_kstate *, int);
+void pfsync_state_export_1301(struct pfsync_state_1301 *,
+ struct pf_kstate *);
+void pfsync_state_export_1400(struct pfsync_state_1400 *,
+ struct pf_kstate *);
 void pf_state_export(struct pf_state_export *,
 struct pf_kstate *);
diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c
index cf46a8da94df..6b828989c54d 100644
--- a/sys/netpfil/pf/if_pfsync.c
+++ b/sys/netpfil/pf/if_pfsync.c
@@ -1700,17 +1700,19 @@ pfsyncioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 static void
 pfsync_out_state_1301(struct pf_kstate *st, void *buf)
 {
- union pfsync_state_union *sp = buf;
+ struct pfsync_state_1301 *sp;
- pfsync_state_export(sp, st, PFSYNC_MSG_VERSION_1301);
+ sp = buf;
+ pfsync_state_export_1301(sp, st);
 }
 static void
 pfsync_out_state_1400(struct pf_kstate *st, void *buf)
 {
- union pfsync_state_union *sp = buf;
+ struct pfsync_state_1400 *sp;
- pfsync_state_export(sp, st, PFSYNC_MSG_VERSION_1400);
+ sp = buf;
+ pfsync_state_export_1400(sp, st);
 }
 static void
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c
index cf53ea638095..c7eefdf6e34c 100644
--- a/sys/netpfil/pf/pf_ioctl.c
+++ b/sys/netpfil/pf/pf_ioctl.c
@@ -3729,8 +3729,7 @@ DIOCCHANGERULE_error:
 break;
 }
- pfsync_state_export((union pfsync_state_union*)&ps->state,
- s, PFSYNC_MSG_VERSION_1301);
+ pfsync_state_export_1301(&ps->state, s);
 PF_STATE_UNLOCK(s);
 break;
 }
@@ -3795,8 +3794,7 @@ DIOCGETSTATES_retry:
 if (s->timeout == PFTM_UNLINKED)
 continue;
- pfsync_state_export((union pfsync_state_union*)p,
- s, PFSYNC_MSG_VERSION_1301);
+ pfsync_state_export_1301(p, s);
 p++;
 nr++;
 }
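Review bot: In `pfsync_out_state_1301()` and `pfsync_out_state_1400()` (sys/netpfil/pf/if_pfsync.c) `buf` arrives as a bare `void *` with no length, and the export helpers now zero and fill `sizeof(*sp)` bytes through it, so the size the caller must provide is only implicit. Nothing in this hunk shows where that size is guaranteed; presumably the caller reserves room per message type, which is worth confirming for the 1400 format since the commit message says the formats differ in size. A one-line comment above each function would record the contract, e.g. `/* buf must hold at least sizeof(struct pfsync_state_1301); the export zeroes and fills exactly that many bytes. */` and the matching line for 1400. Both functions lie entirely inside the hunk.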
@@ -5656,11 +5654,9 @@ fail:
 return (error);
 }
-void
+static void
 pfsync_state_export(union pfsync_state_union *sp, struct pf_kstate *st, int msg_version)
 {
- bzero(sp, sizeof(union pfsync_state_union));
-
 /* copy from state key */
 sp->pfs_1301.key[PF_SK_WIRE].addr[0] = st->key[PF_SK_WIRE]->addr[0];
 sp->pfs_1301.key[PF_SK_WIRE].addr[1] = st->key[PF_SK_WIRE]->addr[1];
@@ -5743,6 +5739,22 @@ pfsync_state_export(union pfsync_state_union *sp, struct pf_kstate *st, int msg_
 pf_state_counter_hton(st->bytes[1], sp->pfs_1301.bytes[1]);
 }
+void
+pfsync_state_export_1301(struct pfsync_state_1301 *sp, struct pf_kstate *st)
+{
+ bzero(sp, sizeof(*sp));
+ pfsync_state_export((union pfsync_state_union *)sp, st,
+ PFSYNC_MSG_VERSION_1301);
+}
+
+void
+pfsync_state_export_1400(struct pfsync_state_1400 *sp, struct pf_kstate *st)
+{
+ bzero(sp, sizeof(*sp));
+ pfsync_state_export((union pfsync_state_union *)sp, st,
+ PFSYNC_MSG_VERSION_1400);
+}
+
 void
 pf_state_export(struct pf_state_export *sp, struct pf_kstate *st)
 {
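Review bot: The now-static `pfsync_state_export()` in sys/netpfil/pf/pf_ioctl.c no longer clears its destination, yet nothing at its definition says the caller must have done so. Any padding or format-specific field the helper does not assign keeps whatever the buffer held before, and the two ioctl call sites changed earlier in this file (hunks at 3729 and 3794) appear to hand the result to userland, so a later caller that skips the `bzero()` would export stale kernel memory. I would add a comment above the function, `/* The caller must zero *sp for the size implied by msg_version; fields not set below are exported as-is. */`. The function body continues outside the hunk, so whether every field is assigned cannot be judged from here.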
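Review bot: `pfsync_state_export_1400()` zeroes `sizeof(struct pfsync_state_1400)` and then casts to the union, while the helper's visible lines write the shared fields through `sp->pfs_1301.*` at function level whatever `msg_version` is; that is correct only while both structs keep those fields at identical offsets. The cast to `union pfsync_state_union *` also discards the type information this commit otherwise restores at the call sites, so the compiler cannot catch a layout drift. A compile-time check next to the wrappers would pin the assumption, for example `_Static_assert(offsetof(struct pfsync_state_1400, bytes) == offsetof(struct pfsync_state_1301, bytes), "pfsync state layouts diverged");`, assuming the 1400 layout names the member the same way. Both wrappers lie entirely inside the hunk; the helper they call does not.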