From owner-freebsd-bugs@FreeBSD.ORG Mon May 16 19:10:04 2005 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 315C916A4CE for ; Mon, 16 May 2005 19:10:04 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC4C443DAC for ; Mon, 16 May 2005 19:10:03 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j4GJA3R8019109 for ; Mon, 16 May 2005 19:10:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j4GJA3eC019108; Mon, 16 May 2005 19:10:03 GMT (envelope-from gnats) Resent-Date: Mon, 16 May 2005 19:10:03 GMT Resent-Message-Id: <200505161910.j4GJA3eC019108@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Joost Bekkers Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 897EF16A4CE for ; Mon, 16 May 2005 19:02:27 +0000 (GMT) Received: from bps.jodocus.org (g157016.upc-g.chello.nl [80.57.157.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id B458C43DA3 for ; Mon, 16 May 2005 19:02:26 +0000 (GMT) (envelope-from joost@jodocus.org) Received: from jodocus.org (localhost [127.0.0.1]) by bps.jodocus.org (8.13.3/8.13.1) with ESMTP id j4GJ2K0r065357 for ; Mon, 16 May 2005 21:02:20 +0200 (CEST) (envelope-from joost@jodocus.org) Received: (from joost@localhost) by jodocus.org (8.13.3/8.13.1/Submit) id j4GJ2Ke9065356; Mon, 16 May 2005 21:02:20 +0200 (CEST) (envelope-from joost) Message-Id: <200505161902.j4GJ2Ke9065356@jodocus.org> Date: Mon, 16 May 2005 21:02:20 +0200 (CEST) From: Joost Bekkers To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/81128: incorrect handling of an empty pfil list in pfil_run_hooks() X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Joost Bekkers List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 May 2005 19:10:04 -0000 >Number: 81128 >Category: kern >Synopsis: incorrect handling of an empty pfil list in pfil_run_hooks() >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 16 19:10:03 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Joost Bekkers >Release: FreeBSD 5.4-RELEASE i386 >Organization: >Environment: System: FreeBSD bps.jodocus.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Tue May 10 13:46:16 CEST 2005 joost@bps.jodocus.org:/usr/obj/usr/src/sys/bps i386 >Description: pfil_run_hooks() in sys/net/pfil.c currently contains: ======================== if (ph->ph_busy_count == -1 || ph->ph_want_write) { m_freem(*mp); *mp = NULL; return (ENOBUFS); } ======================== 'ph_busy_count == -1' means there are no hooks in either the in or out list. Which means the packet should be passed and not dropped as is now the case. The problem currently doesn't surface because everywhere pfil_run_hooks() is called, the call is preceded by a check for 'ph_busy_count == -1'. If true the call is skipped. >How-To-Repeat: >Fix: split the if into two parts: if (ph->ph_busy_count == -1) return 0; if (ph->ph_want_write) { m_freem(*mp); *mp = NULL; return (ENOBUFS); } >Release-Note: >Audit-Trail: >Unformatted: