Date: Thu, 3 Oct 2002 22:04:41 +0300 (EEST) From: Andrey Simonenko <simon@simon.org.ua> To: Luigi Rizzo <rizzo@icir.org> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Q about sbin/ipfw2.c:list() Message-ID: <20021003215546.M7110-100000@lion.com.ua> In-Reply-To: <20021002062546.C22163@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2 Oct 2002, Luigi Rizzo wrote: > On Wed, Oct 02, 2002 at 02:15:42PM +0300, Andrey Simonenko wrote: > > Hello, > > > > Why is it needed to check both r->rulenum and (void *)r < lim in > > sbin/ipfw2.c:list() ? > > because the buffer has a limited size (nbytes) and you don't want > to read past it. However there is a bug in the code below, > because you should swap the checks (void *)r < lim && r->rulenum < 65535 > > Whether ipfw1.c has the same bug or not i don't remember, but that > is irrelevant anyways. ipfw1.c:list() doesn't check address boundary, it checks only a rule 65535. Why is it possible that getsockopt(IP_FW_GET) can return not all IPFW2 rules? According to ipfw(8) manual page there is always a rule 65535, so this rule should be always present after getsockopt(IP_FW_GET) call (of course there should be enought memory in a buffer, but it is checked in the code of list() function): /* get rules or pipes from kernel, resizing array as necessary */ nbytes = nalloc; while (nbytes >= nalloc) { nalloc = nalloc * 2 + 200; nbytes = nalloc; if ((data = realloc(data, nbytes)) == NULL) err(EX_OSERR, "realloc"); if (getsockopt(s, IPPROTO_IP, ocmd, data, &nbytes) < 0) err(EX_OSERR, "getsockopt(IP_%s_GET)", do_pipe ? "DUMMYNET" : "FW"); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021003215546.M7110-100000>