Date: Fri, 14 Apr 2017 11:19:09 +0000 (UTC)
From: "Andrey V. Elsukov" <ae@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r316824 - head/sys/netpfil/ipfw
Message-ID: <201704141119.v3EBJ9dH086893@repo.freebsd.org>
Author: ae Date: Fri Apr 14 11:19:09 2017 New Revision: 316824 URL: https://svnweb.freebsd.org/changeset/base/316824 Log: The rule field in the ipfw_dyn_rule structure is used as storage to pass rule number and rule set to userland. In r272840 the kernel internal rule representation was changed and the rulenum field of struct ip_fw_rule got the type uint32_t, but userlevel representation still have the type uint16_t. To not overflow the size of pointer on the systems with 32-bit pointer size use separate variable to copy rulenum and set. Reported by: PVS-Studio MFC after: 1 week Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c ============================================================================== --- head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Apr 14 10:21:38 2017 (r316823) +++ head/sys/netpfil/ipfw/ip_fw_dynamic.c Fri Apr 14 11:19:09 2017 (r316824) @@ -1709,15 +1709,17 @@ ipfw_dyn_get_count(void) static void export_dyn_rule(ipfw_dyn_rule *src, ipfw_dyn_rule *dst) { + uint16_t rulenum; + rulenum = (uint16_t)src->rule->rulenum; memcpy(dst, src, sizeof(*src)); - memcpy(&(dst->rule), &(src->rule->rulenum), sizeof(src->rule->rulenum)); + memcpy(&dst->rule, &rulenum, sizeof(rulenum)); /* * store set number into high word of * dst->rule pointer. */ - memcpy((char *)&dst->rule + sizeof(src->rule->rulenum), - &(src->rule->set), sizeof(src->rule->set)); + memcpy((char *)&dst->rule + sizeof(rulenum), &src->rule->set, + sizeof(src->rule->set)); /* * store a non-null value in "next". * The userland code will interpret a @@ -1725,8 +1727,8 @@ export_dyn_rule(ipfw_dyn_rule *src, ipfw * for the last dynamic rule. */ memcpy(&dst->next, &dst, sizeof(dst)); - dst->expire = - TIME_LEQ(dst->expire, time_uptime) ? 0 : dst->expire - time_uptime; + dst->expire = TIME_LEQ(dst->expire, time_uptime) ? 0: + dst->expire - time_uptime; } /*
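Review bot: In the first hunk of export_dyn_rule(), the cast in `rulenum = (uint16_t)src->rule->rulenum;` silently discards the upper 16 bits of a field the log describes as uint32_t in the kernel. Add a comment saying why the narrowing is acceptable for the userland format, or a KASSERT that the value fits in 16 bits, so that an out-of-range rule number cannot be exported as a different, valid-looking one without anyone noticing. The retained comment "store set number into high word of dst->rule pointer" should be updated as well: the set is now copied at offset sizeof(rulenum), which is 2 bytes into dst->rule and is not the high word of a 64-bit pointer.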
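Review bot: In the second hunk, the rewrapped `dst->expire` assignment writes `? 0:` with no space before the colon, where the removed line had `? 0 : dst->expire - time_uptime;`; keep a space on both sides of the ternary operators. The reflow is also unrelated to the rulenum change described in the log, so since the log asks for an MFC it would be cleaner to drop it from this commit or land it as a separate whitespace-only change.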