Date: Tue, 17 Dec 2019 10:26:44 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r355851 - stable/11/sys/netpfil/ipfw Message-ID: <201912171026.xBHAQiqj052073@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Tue Dec 17 10:26:44 2019 New Revision: 355851 URL: https://svnweb.freebsd.org/changeset/base/355851 Log: MFC r355581: Avoid access to stale ip pointer and call UPDATE_POINTERS() after PULLUP_LEN_LOCKED(). PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related pointers that can be used in next opcodes. Reported by: Maxime Villard <max at m00nbsd net> NOTE: this commit also adds UPDATE_POINTERS() stub macro, that originally is part of r345166 commit that was not merged. Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:23:08 2019 (r355850) +++ stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:26:44 2019 (r355851) @@ -1441,7 +1441,15 @@ do { \ #define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) #define PULLUP_LEN_LOCKED(_len, p, T) \ - _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); + _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ + UPDATE_POINTERS() +/* + * In case pointers got stale after pullups, update them. + */ +#define UPDATE_POINTERS() \ +do { \ + ip = mtod(m, struct ip *); \ +} while (0) /* * if we have an ether header,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201912171026.xBHAQiqj052073>