Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Oct 2004 17:07:33 GMT
From:      Richard Andrades <richard.andrades@utstar.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/72393: missing break after case AF_INET6 in key_sockaddrcmp
Message-ID:  <200410061707.i96H7Xja076686@www.freebsd.org>
Resent-Message-ID: <200410061710.i96HANiO080314@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         72393
>Category:       kern
>Synopsis:       missing break after case AF_INET6 in key_sockaddrcmp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 06 17:10:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Richard Andrades
>Release:        4.9-RELEASE
>Organization:
UTStarcom, Inc.
>Environment:
FreeBSD mobomom.nj.us.utstar.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Dec  8 19:07:51 EST 2003     root@x7.nj.us.utstar.com:/usr/src/sys/compile/GENERIC_ROCKETPORT  i386
>Description:
The function key_sockaddrcmp(). has the following problem. If the 
function is called with the parameter port = 0, meaning that the 
port number should not be used in the address comparison, at the
end of the successful comparison of the test of the address structure, 
the test control will fall through to the default case which can
fail due to a difference in the port number.

>How-To-Repeat:
Fund it while debugging the code for an unrelated problem. It can
probably be reproduced by installing a policy that is intended to
cover all ports and sending packets with different port numbers.
>Fix:
FILE: src/sys/netkey/key.c
static int
key_sockaddrcmp(sa1, sa2, port)
	struct sockaddr *sa1;
	struct sockaddr *sa2;
	int port;
{
..
..

	case AF_INET6:
..
..
		if (port &&
		    satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
			return 1;
		}
                break; /**** BUGFIX Add this missing break */
	default:
		if (bcmp(sa1, sa2, sa1->sa_len) != 0)
			return 1;
		break;
	}


Although I found this with version 4.9, I checked the codebase
and the problem is still present in the latest version.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200410061707.i96H7Xja076686>