From owner-svn-src-all@FreeBSD.ORG Wed Jun 10 10:47:31 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D04C8106568C; Wed, 10 Jun 2009 10:47:31 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BEBF78FC25; Wed, 10 Jun 2009 10:47:31 +0000 (UTC) (envelope-from luigi@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n5AAlVJH010589; Wed, 10 Jun 2009 10:47:31 GMT (envelope-from luigi@svn.freebsd.org) Received: (from luigi@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n5AAlV0o010588; Wed, 10 Jun 2009 10:47:31 GMT (envelope-from luigi@svn.freebsd.org) Message-Id: <200906101047.n5AAlV0o010588@svn.freebsd.org> From: Luigi Rizzo Date: Wed, 10 Jun 2009 10:47:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r193896 - head/sys/netinet/ipfw X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jun 2009 10:47:32 -0000 Author: luigi Date: Wed Jun 10 10:47:31 2009 New Revision: 193896 URL: http://svn.freebsd.org/changeset/base/193896 Log: in ip_dn_ctl(), do not allocate a large structure on the stack, and use malloc() instead if/when it is necessary. The problem is less relevant in previous versions because the variable involved (tmp_pipe) is much smaller there. Still worth fixing though. Submitted by: Marta Carbone (GSOC) MFC after: 3 days Modified: head/sys/netinet/ipfw/ip_dummynet.c Modified: head/sys/netinet/ipfw/ip_dummynet.c ============================================================================== --- head/sys/netinet/ipfw/ip_dummynet.c Wed Jun 10 10:39:41 2009 (r193895) +++ head/sys/netinet/ipfw/ip_dummynet.c Wed Jun 10 10:47:31 2009 (r193896) @@ -2165,9 +2165,8 @@ dummynet_get(struct sockopt *sopt) static int ip_dn_ctl(struct sockopt *sopt) { - int error = 0 ; - struct dn_pipe *p; - struct dn_pipe_max tmp_pipe; /* pipe + large buffer */ + int error; + struct dn_pipe *p = NULL; error = priv_check(sopt->sopt_td, PRIV_NETINET_DUMMYNET); if (error) @@ -2188,7 +2187,8 @@ ip_dn_ctl(struct sockopt *sopt) switch (sopt->sopt_name) { default : printf("dummynet: -- unknown option %d", sopt->sopt_name); - return EINVAL ; + error = EINVAL ; + break; case IP_DUMMYNET_GET : error = dummynet_get(sopt); @@ -2199,25 +2199,27 @@ ip_dn_ctl(struct sockopt *sopt) break ; case IP_DUMMYNET_CONFIGURE : - p = (struct dn_pipe *)&tmp_pipe ; - error = sooptcopyin(sopt, p, sizeof(tmp_pipe), sizeof *p); + p = malloc(sizeof(struct dn_pipe_max), M_TEMP, M_WAITOK); + error = sooptcopyin(sopt, p, sizeof(struct dn_pipe_max), sizeof *p); if (error) break ; if (p->samples_no > 0) - p->samples = &tmp_pipe.samples[0]; + p->samples = &(((struct dn_pipe_max *)p)->samples[0]); error = config_pipe(p); break ; case IP_DUMMYNET_DEL : /* remove a pipe or queue */ - p = (struct dn_pipe *)&tmp_pipe ; - error = sooptcopyin(sopt, p, sizeof *p, sizeof *p); + p = malloc(sizeof(struct dn_pipe), M_TEMP, M_WAITOK); + error = sooptcopyin(sopt, p, sizeof(struct dn_pipe), sizeof *p); if (error) break ; error = delete_pipe(p); break ; } + if (p != NULL) + free(p, M_TEMP); return error ; }