From owner-svn-src-head@freebsd.org Fri Jan 8 23:38:35 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31948A67940 for ; Fri, 8 Jan 2016 23:38:35 +0000 (UTC) (envelope-from oliver.pinter@hardenedbsd.org) Received: from mail-wm0-x230.google.com (mail-wm0-x230.google.com [IPv6:2a00:1450:400c:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B7525179D for ; Fri, 8 Jan 2016 23:38:34 +0000 (UTC) (envelope-from oliver.pinter@hardenedbsd.org) Received: by mail-wm0-x230.google.com with SMTP id f206so152508098wmf.0 for ; Fri, 08 Jan 2016 15:38:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=8unOLfYpy/pSM5Qvw3n9IrpyPYjBrF/vvGf/w26csWs=; b=NqnEdt/fQvw3pWC3h7BcxLsckpCo4jNPhnX7CPiNO5KcZAZ3IROVSdslKWrfmGoKax CPHpt/LK+kP8TH8tjUYuyx+2GeSeV5urKauOrW4i+xk0hiVKue8XXNmeULrsK2aqnISz +BUxR2EyxV8DEIIQXskBm2sKRUpjmBHDDOGyg6HzDvoW8/tlxScDnhsHmyrFV3hgj1Ic 8CDJukeOyLjrgZbmy6Qrh9bY0JtfdL1StqGJ02hPkJDdS1H3zP0zepAXzCUTsm3jRJCR Zqzzyyr1RV6xpWKFum4QdJhStsrtYuJfx4vhxoQp8a1eqebBxWGUEN6O4c0vjcz5K7lk I5yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=8unOLfYpy/pSM5Qvw3n9IrpyPYjBrF/vvGf/w26csWs=; b=lYCtzBIPl/zWjwcybx05HHXLqqyZrMeCdQ+oQzEY1Q+aRokAEXeWlu5vxVruOYNhAy 3cvD1uPBk4D/4ut+ZM8Pw1CukEIjM6Cq/gqO0Wdv8t9yFuzZ6C+v1y0DFGyYEK5y+2eQ X072vCq3DRjPQtQ1gi3EqWNwtsAvf5IpnIfvDr2G9pRZ+TXz03s28sblpTvsjlLMUHVA wmdut2xj8gEBdFS8WSvawhRHmDSm9RckjTfdWWT+aO8GhsxrbEZjes7Yx1PlSlUEA/FA cfO5WPO8b+rPLdOn3a2hE9lpH5z/7VAG+wjv0EmEXuQ0DIs8VSUrsb+PQC1bf9avwH5t T7xg== X-Gm-Message-State: ALoCoQnU6UjLzBPjNZT/QmCNSJPOPnv9kkbKF73GoiLLqfxhdq1TJ13bcSPZDefvTirnqtBypWA7BHUIrBof4thUj/ODgA30qDBtnH79D00FicbiETBJUb8= MIME-Version: 1.0 X-Received: by 10.194.223.39 with SMTP id qr7mr119866941wjc.63.1452296312224; Fri, 08 Jan 2016 15:38:32 -0800 (PST) Received: by 10.194.85.167 with HTTP; Fri, 8 Jan 2016 15:38:32 -0800 (PST) In-Reply-To: <201601041503.u04F3Lps031314@repo.freebsd.org> References: <201601041503.u04F3Lps031314@repo.freebsd.org> Date: Sat, 9 Jan 2016 00:38:32 +0100 Message-ID: Subject: Re: svn commit: r293159 - in head/sys: net netinet netinet6 From: Oliver Pinter To: "Alexander V. Chernikov" Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2016 23:38:35 -0000 On 1/4/16, Alexander V. Chernikov wrote: > Author: melifaro > Date: Mon Jan 4 15:03:20 2016 > New Revision: 293159 > URL: https://svnweb.freebsd.org/changeset/base/293159 > > Log: > Add rib_lookup_info() to provide API for retrieving individual route > entries data in unified format. > > There are control plane functions that require information other than > just next-hop data (e.g. individual rtentry fields like flags or > prefix/mask). Given that the goal is to avoid rte > reference/refcounting, > re-use rt_addrinfo structure to store most rte fields. If caller wants > to retrieve key/mask or gateway (which are sockaddrs and are allocated > separately), it needs to provide sufficient-sized sockaddrs structures > w/ ther pointers saved in passed rt_addrinfo. > > Convert: > * lltable new records checks (in_lltable_rtcheck(), > nd6_is_new_addr_neighbor(). > * rtsock pre-add/change route check. > * IPv6 NS ND-proxy check (RADIX_MPATH code was eliminated because > 1) we don't support RTF_ANNOUNCE ND-proxy for networks and there > should > not be multiple host routes for such hosts 2) if we have multiple > routes we should inspect them (which is not done). 3) the entire > idea > of abusing KRT as storage for ND proxy seems odd. Userland > programs > should be used for that purpose). > > Modified: > head/sys/net/route.c > head/sys/net/route.h > head/sys/net/rtsock.c > head/sys/netinet/in.c > head/sys/netinet6/nd6.c > head/sys/netinet6/nd6_nbr.c > > Modified: head/sys/net/route.c > ============================================================================== > --- head/sys/net/route.c Mon Jan 4 09:58:16 2016 (r293158) > +++ head/sys/net/route.c Mon Jan 4 15:03:20 2016 (r293159) > @@ -147,6 +147,8 @@ static void rt_notifydelete(struct rtent > static struct radix_node *rt_mpath_unlink(struct radix_node_head *rnh, > struct rt_addrinfo *info, struct rtentry *rto, int *perror); > #endif > +static int rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info, > + int flags); > > struct if_mtuinfo > { > @@ -832,6 +834,147 @@ rtrequest_fib(int req, > > > /* > + * Copy most of @rt data into @info. > + * > + * If @flags contains NHR_COPY, copies dst,netmask and gw to the > + * pointers specified by @info structure. Assume such pointers > + * are zeroed sockaddr-like structures with sa_len field initialized > + * to reflect size of the provided buffer. if no NHR_COPY is specified, > + * point dst,netmask and gw @info fields to appropriate @rt values. > + * > + * if @flags contains NHR_REF, do refcouting on rt_ifp. > + * > + * Returns 0 on success. > + */ > +int > +rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info, int flags) > +{ > + struct rt_metrics *rmx; > + struct sockaddr *src, *dst; > + int sa_len; > + > + if (flags & NHR_COPY) { > + /* Copy destination if dst is non-zero */ > + src = rt_key(rt); > + dst = info->rti_info[RTAX_DST]; > + sa_len = src->sa_len; ** CID 1347797: Null pointer dereferences (REVERSE_INULL) /sys/net/route.c: 861 in rt_exportinfo() ________________________________________________________________________________________________________ *** CID 1347797: Null pointer dereferences (REVERSE_INULL) /sys/net/route.c: 861 in rt_exportinfo() 855 856 if (flags & NHR_COPY) { 857 /* Copy destination if dst is non-zero */ 858 src = rt_key(rt); 859 dst = info->rti_info[RTAX_DST]; 860 sa_len = src->sa_len; >>> CID 1347797: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "src" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 861 if (src != NULL && dst != NULL) { 862 if (src->sa_len > dst->sa_len) 863 return (ENOMEM); 864 memcpy(dst, src, src->sa_len); 865 info->rti_addrs |= RTA_DST; 866 } > + if (src != NULL && dst != NULL) { > + if (src->sa_len > dst->sa_len) > + return (ENOMEM); > + memcpy(dst, src, src->sa_len); > + info->rti_addrs |= RTA_DST; > + } > + > + /* Copy mask if set && dst is non-zero */ [...] > _______________________________________________ > svn-src-head@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-head > To unsubscribe, send any mail to "svn-src-head-unsubscribe@freebsd.org" >