Date:      Mon, 16 May 2005 21:02:20 +0200 (CEST)
From:      Joost Bekkers <joost@jodocus.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/81128: incorrect handling of an empty pfil list in pfil_run_hooks()
Message-ID:  <200505161902.j4GJ2Ke9065356@jodocus.org>
Resent-Message-ID: <200505161910.j4GJA3eC019108@freefall.freebsd.org>


>Number:         81128
>Category:       kern
>Synopsis:       incorrect handling of an empty pfil list in pfil_run_hooks()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 16 19:10:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Joost Bekkers
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD bps.jodocus.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Tue May 10 13:46:16 CEST 2005 joost@bps.jodocus.org:/usr/obj/usr/src/sys/bps i386


>Description:

pfil_run_hooks() in sys/net/pfil.c currently contains:

========================
if (ph->ph_busy_count == -1 || ph->ph_want_write) {
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}
========================

'ph_busy_count == -1' means there are no hooks in either the in or out list,
which means the packet should be passed and not dropped as is now the case.

The problem currently doesn't surface because everywhere pfil_run_hooks() is
called, the call is preceded by a check for 'ph_busy_count == -1'. If true,
the call is skipped.

>How-To-Repeat:
>Fix:

Split the if into two parts:

if (ph->ph_busy_count == -1)
	return 0;
if (ph->ph_want_write) {
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}

>Release-Note:
>Audit-Trail:
>Unformatted:
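
Added example, not part of the original report or of FreeBSD's source: a user-space C model of the check described in the PR above, showing that a caller without the 'ph_busy_count == -1' pre-check loses the packet under the quoted condition and keeps it under the proposed split. struct mbuf, struct pfil_head, m_freem() and packet_survives() are simplified stand-ins assumed for illustration.

```c
/* User-space model of the check in pfil_run_hooks(); not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct mbuf { int len; };                        /* stand-in for the kernel mbuf */
struct pfil_head { int ph_busy_count; int ph_want_write; };
static void m_freem(struct mbuf *m) { free(m); } /* stand-in for m_freem() */

/* Check as quoted in the report: an empty hook list frees the packet. */
static int run_hooks_original(struct pfil_head *ph, struct mbuf **mp)
{
	if (ph->ph_busy_count == -1 || ph->ph_want_write) {
		m_freem(*mp);
		*mp = NULL;
		return (ENOBUFS);
	}
	return (0);                              /* hook traversal omitted */
}

/* Check as proposed in the report: an empty hook list passes the packet. */
static int run_hooks_fixed(struct pfil_head *ph, struct mbuf **mp)
{
	if (ph->ph_busy_count == -1)
		return (0);
	if (ph->ph_want_write) {
		m_freem(*mp);
		*mp = NULL;
		return (ENOBUFS);
	}
	return (0);
}

/* Hypothetical caller WITHOUT the pre-check; 1 = packet kept, 0 = dropped. */
static int packet_survives(int (*run)(struct pfil_head *, struct mbuf **),
    int busy_count, int want_write)
{
	struct pfil_head ph = { busy_count, want_write };
	struct mbuf *m = malloc(sizeof(*m));
	if (m == NULL) return (-1);
	int alive = (run(&ph, &m) == 0 && m != NULL);
	free(m);                                 /* no-op if the hook freed it */
	return (alive);
}

int main(void)
{
	printf("original, no hooks: %d\n", packet_survives(run_hooks_original, -1, 0));
	printf("fixed,    no hooks: %d\n", packet_survives(run_hooks_fixed, -1, 0));
	return (0);
}
```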


