Date:      Wed, 30 Jan 2019 20:22:33 +0000 (UTC)
From:      Cy Schubert <cy@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r343590 - head/sys/contrib/ipfilter/netinet
Message-ID:  <201901302022.x0UKMXHg053146@repo.freebsd.org>

Author: cy
Date: Wed Jan 30 20:22:33 2019
New Revision: 343590
URL: https://svnweb.freebsd.org/changeset/base/343590

Log:
  When copying a NAT rule struct to userland for save by ipfs, use the
  length of the struct in memmove() rather than an uninitialized variable.
  This fixes the first of two kernel page faults when ipfs is invoked.
  
  PR:		235110
  Reported by:	David.Boyd49@twc.com
  MFC after:	2 weeks

Modified:
  head/sys/contrib/ipfilter/netinet/ip_nat.c

Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/ip_nat.c	Wed Jan 30 19:19:14 2019	(r343589)
+++ head/sys/contrib/ipfilter/netinet/ip_nat.c	Wed Jan 30 20:22:33 2019	(r343590)
@@ -1866,7 +1866,7 @@ ipf_nat_getent(softc, data, getlock)
 	 */
 	if (nat->nat_ptr != NULL)
 		bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
-		      ipn->ipn_ipnat.in_size);
+		      sizeof(nat->nat_ptr));
 
 	/*
 	 * If we also know the NAT entry has an associated filter rule,
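Review bot: On the added line, `sizeof(nat->nat_ptr)` is the size of a pointer, not of the struct it points to. `nat->nat_ptr` is compared against NULL and cast to `(char *)` in the two lines above, so this bcopy() moves only a pointer's worth of bytes into `ipn->ipn_ipnat` and the rest of the rule is never copied, which does not match the log's "length of the struct". The removed line took the length from `ipn->ipn_ipnat.in_size`, a field of the destination that this copy is itself meant to fill, so dropping it is right; the replacement should be `sizeof(*nat->nat_ptr)` or, to bound the copy by the destination buffer, `sizeof(ipn->ipn_ipnat)`. Minor: the log refers to memmove() while the call here is bcopy().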


