Date: Tue, 17 Dec 2019 10:00:19 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r355849 - stable/12/sys/netpfil/ipfw Message-ID: <201912171000.xBHA0JsZ035347@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Tue Dec 17 10:00:19 2019 New Revision: 355849 URL: https://svnweb.freebsd.org/changeset/base/355849 Log: MFC r355581: Avoid access to stale ip pointer and call UPDATE_POINTERS() after PULLUP_LEN_LOCKED(). PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related pointers that can be used in next opcodes. Reported by: Maxime Villard <max at m00nbsd net> NOTE: this commit also adds UPDATE_POINTERS() stub macro, that originally is part of r345166 commit that was not merged. Modified: stable/12/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/12/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 09:46:00 2019 (r355848) +++ stable/12/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:00:19 2019 (r355849) @@ -1443,7 +1443,15 @@ do { \ #define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) #define PULLUP_LEN_LOCKED(_len, p, T) \ - _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)) + _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ + UPDATE_POINTERS() +/* + * In case pointers got stale after pullups, update them. + */ +#define UPDATE_POINTERS() \ +do { \ + ip = mtod(m, struct ip *); \ +} while (0) /* * if we have an ether header,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201912171000.xBHA0JsZ035347>