From: Andrey Simonenko
Date: Thu, 3 Oct 2002 22:04:41 +0300 (EEST)
To: Luigi Rizzo
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Q about sbin/ipfw2.c:list()

On Wed, 2 Oct 2002, Luigi Rizzo wrote:

> On Wed, Oct 02, 2002 at 02:15:42PM +0300, Andrey Simonenko wrote:
> > Hello,
> >
> > Why is it needed to check both r->rulenum and (void *)r < lim in
> > sbin/ipfw2.c:list() ?
>
> because the buffer has a limited size (nbytes) and you don't want
> to read past it. However there is a bug in the code below,
> because you should swap the checks (void *)r < lim && r->rulenum < 65535
>
> Whether ipfw1.c has the same bug or not I don't remember, but that
> is irrelevant anyways.

ipfw1.c:list() doesn't check address boundary, it checks only a rule
65535.

Why is it possible that getsockopt(IP_FW_GET) can return not all IPFW2
rules?
According to ipfw(8) manual page there is always a rule 65535, so this
rule should be always present after getsockopt(IP_FW_GET) call (of
course there should be enough memory in a buffer, but it is checked in
the code of list() function):

	/* get rules or pipes from kernel, resizing array as necessary */
	nbytes = nalloc;
	while (nbytes >= nalloc) {
		nalloc = nalloc * 2 + 200;
		nbytes = nalloc;
		if ((data = realloc(data, nbytes)) == NULL)
			err(EX_OSERR, "realloc");
		if (getsockopt(s, IPPROTO_IP, ocmd, data, &nbytes) < 0)
			err(EX_OSERR, "getsockopt(IP_%s_GET)",
			    do_pipe ? "DUMMYNET" : "FW");
	}
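
The check order discussed in this thread, as an added example that is not part of the original message or of the ipfw source: a walker over a buffer of variable-length records that tests the remaining length before it reads any field, so a buffer missing rule 65535 is never read past its end. The record layout (struct rule_hdr) and the functions walk_rules and build_sample are constructed for illustration; the real struct ip_fw differs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified record header; the real struct ip_fw differs. */
struct rule_hdr {
    uint16_t rulenum;   /* 65535 marks the default (last) rule */
    uint16_t len;       /* record length in bytes, header included */
};

/* Walk records in buf[0..nbytes). Each read is preceded by a check that it
 * stays below the limit (the bounds test comes before the rulenum test).
 * Returns complete records seen; *saw_default is 1 if rule 65535 was reached. */
static size_t walk_rules(const unsigned char *buf, size_t nbytes, int *saw_default)
{
    size_t off = 0, count = 0;
    struct rule_hdr h;

    *saw_default = 0;
    while (nbytes - off >= sizeof(h)) {      /* header fits, safe to read */
        memcpy(&h, buf + off, sizeof(h));
        if (h.len < sizeof(h) || h.len > nbytes - off)
            break;                           /* malformed or truncated record */
        count++;
        if (h.rulenum == 65535) {
            *saw_default = 1;
            break;
        }
        off += h.len;
    }
    return count;
}

/* Constructed sample: rules 100, 200 and 65535, 8 bytes each (24 bytes). */
static size_t build_sample(unsigned char *out)
{
    const uint16_t nums[3] = { 100, 200, 65535 };
    for (int i = 0; i < 3; i++) {
        struct rule_hdr h = { nums[i], 8 };
        memset(out + 8 * i, 0, 8);
        memcpy(out + 8 * i, &h, sizeof(h));
    }
    return 24;
}
```

A caller that gets saw_default == 0 back knows the buffer ended before the default rule and can treat the listing as incomplete.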