CVS commit: [netbsd-5-1] src/sys/net

2013-09-11 Thread SAITOH Masanobu
Module Name:src
Committed By:   msaitoh
Date:   Wed Sep 11 07:31:20 UTC 2013

Modified Files:
src/sys/net [netbsd-5-1]: bpf.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1874):
sys/net/bpf.c: revision 1.176 via patch
PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf
buffer size.


To generate a diff of this commit:
cvs rdiff -u -r1.141.6.1 -r1.141.6.1.6.1 src/sys/net/bpf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/bpf.c
diff -u src/sys/net/bpf.c:1.141.6.1 src/sys/net/bpf.c:1.141.6.1.6.1
--- src/sys/net/bpf.c:1.141.6.1	Sat Apr  4 23:36:28 2009
+++ src/sys/net/bpf.c	Wed Sep 11 07:31:20 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: bpf.c,v 1.141.6.1 2009/04/04 23:36:28 snj Exp $	*/
+/*	$NetBSD: bpf.c,v 1.141.6.1.6.1 2013/09/11 07:31:20 msaitoh Exp $	*/
 
 /*
  * Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.141.6.1 2009/04/04 23:36:28 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.141.6.1.6.1 2013/09/11 07:31:20 msaitoh Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_bpf.h"
@@ -1453,7 +1453,7 @@ catchpacket(struct bpf_d *d, u_char *pkt
 void *(*cpfn)(void *, const void *, size_t), struct timeval *tv)
 {
 	struct bpf_hdr *hp;
-	int totlen, curlen;
+	int totlen, curlen, caplen;
 	int hdrlen = d->bd_bif->bif_hdrlen;
 	int do_wakeup = 0;
 
@@ -1468,6 +1468,13 @@ catchpacket(struct bpf_d *d, u_char *pkt
 	totlen = hdrlen + min(snaplen, pktlen);
 	if (totlen > d->bd_bufsize)
 		totlen = d->bd_bufsize;
+	/*
+	 * If we adjusted totlen to fit the bufsize, it could be that
+	 * totlen is smaller than hdrlen because of the link layer header.
+	 */
+	caplen = totlen - hdrlen;
+	if (caplen < 0)
+		caplen = 0;
 
 	/*
 	 * Round up the end of the previous packet to the next longword.
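Review bot: Clamping `caplen` to 0 keeps a negative length away from `(*cpfn)()`, but a record is still emitted when `totlen < hdrlen`. In the later hunk `hp->bh_hdrlen` is set to `hdrlen` while `d->bd_slen` advances only by `totlen`, so the store buffer then holds a record shorter than the header it advertises. Whether the `struct bpf_hdr` stores themselves stay inside `bd_bufsize` cannot be confirmed from the visible lines. Dropping the packet here would be safer, e.g. `if (totlen < hdrlen) return;` (assuming catchpacket returns void; its return type and the drop accounting are outside the hunk), together with a lower bound where the buffer size is set.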
@@ -1507,10 +1514,11 @@ catchpacket(struct bpf_d *d, u_char *pkt
 	hp->bh_tstamp = *tv;
 	hp->bh_datalen = pktlen;
 	hp->bh_hdrlen = hdrlen;
+	hp->bh_caplen = caplen;
 	/*
 	 * Copy the packet data into the store buffer and update its length.
 	 */
-	(*cpfn)((u_char *)hp + hdrlen, pkt, (hp->bh_caplen = totlen - hdrlen));
+	(*cpfn)((u_char *)hp + hdrlen, pkt, caplen);
 	d->bd_slen = curlen + totlen;
 
 	/*



CVS commit: [netbsd-5-1] src/sys/net

2012-02-05 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Sun Feb  5 12:35:15 UTC 2012

Modified Files:
src/sys/net [netbsd-5-1]: route.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #1721):
sys/net/route.c: revision 1.126
Count length from the beginning of the structure not the sa_data portion.
From skrll@


To generate a diff of this commit:
cvs rdiff -u -r1.113.4.1 -r1.113.4.1.6.1 src/sys/net/route.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.113.4.1 src/sys/net/route.c:1.113.4.1.6.1
--- src/sys/net/route.c:1.113.4.1	Fri Apr  3 17:59:03 2009
+++ src/sys/net/route.c	Sun Feb  5 12:35:15 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.113.4.1 2009/04/03 17:59:03 snj Exp $	*/
+/*	$NetBSD: route.c,v 1.113.4.1.6.1 2012/02/05 12:35:15 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -93,7 +93,7 @@
 #include "opt_route.h"
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.113.4.1 2009/04/03 17:59:03 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.113.4.1.6.1 2012/02/05 12:35:15 bouyer Exp $");
 
 #include 
 #include 
@@ -847,8 +847,8 @@ rt_maskedcopy(const struct sockaddr *src
 	const char *netmaskp = &netmask->sa_data[0],
 	   *srcp = &src->sa_data[0];
 	char *dstp = &dst->sa_data[0];
-	const char *maskend = dstp + MIN(netmask->sa_len, src->sa_len);
-	const char *srcend = dstp + src->sa_len;
+	const char *maskend = (char *)dst + MIN(netmask->sa_len, src->sa_len);
+	const char *srcend = (char *)dst + src->sa_len;
 
 	dst->sa_len = src->sa_len;
 	dst->sa_family = src->sa_family;
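Review bot: The two end pointers are now based at `dst` while `dstp` still starts at `dst->sa_data`, and nothing in the code says why the bases differ. A comment above them would prevent a well-meant revert, for example `/* sa_len counts from the start of the sockaddr, so the end pointers are based at dst, not at sa_data */`. Nothing in the visible lines checks that `dst` has room for `src->sa_len` bytes, so that remains a caller obligation worth stating in the function's header comment; the copy loop itself is outside the hunk. The casts could also be written `(const char *)dst`, matching the const-qualified pointers they initialise.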



CVS commit: [netbsd-5-1] src/sys/net

2011-08-08 Thread Jeff Rizzo
Module Name:src
Committed By:   riz
Date:   Mon Aug  8 19:35:16 UTC 2011

Modified Files:
src/sys/net [netbsd-5-1]: if.c

Log Message:
Pull up following revision(s) (requested by sborrill in ticket #1643):
sys/net/if.c: revision 1.243
Prevent if_detach() from crashing while it walks the routing table
to find and unlink routes that reference the detached ifnet: make
if_rt_walktree() return ERESTART whenever it has deleted a route.
Whenever rt_walktree() returns ERESTART, if_detach() restarts it.
I believe that this fix resembles one by Jonathan Kollasch or by someone
else, which has languished in a PR for too long.  Sorry!
Tested by me and by Jeff Rizzo.
XXX It's supposed to be safe for rn_walktree() to apply to the routing
XXX table a routine that may delete routes.  Why isn't it safe in
XXX practice?


To generate a diff of this commit:
cvs rdiff -u -r1.230.4.3 -r1.230.4.3.2.1 src/sys/net/if.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if.c
diff -u src/sys/net/if.c:1.230.4.3 src/sys/net/if.c:1.230.4.3.2.1
--- src/sys/net/if.c:1.230.4.3	Sat Jun 12 16:37:55 2010
+++ src/sys/net/if.c	Mon Aug  8 19:35:15 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: if.c,v 1.230.4.3 2010/06/12 16:37:55 riz Exp $	*/
+/*	$NetBSD: if.c,v 1.230.4.3.2.1 2011/08/08 19:35:15 riz Exp $	*/
 
 /*-
  * Copyright (c) 1999, 2000, 2001, 2008 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.230.4.3 2010/06/12 16:37:55 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if.c,v 1.230.4.3.2.1 2011/08/08 19:35:15 riz Exp $");
 
 #include "opt_inet.h"
 
@@ -726,8 +726,10 @@
 	if_free_sadl(ifp);
 
 	/* Walk the routing table looking for stragglers. */
-	for (i = 0; i <= AF_MAX; i++)
-		(void)rt_walktree(i, if_rt_walktree, ifp);
+	for (i = 0; i <= AF_MAX; i++) {
+		while (rt_walktree(i, if_rt_walktree, ifp) == ERESTART)
+			;
+	}
 
 	DOMAIN_FOREACH(dp) {
 		if (dp->dom_ifdetach != NULL && ifp->if_afdata[dp->dom_family])
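Review bot: The restart loop `while (rt_walktree(i, if_rt_walktree, ifp) == ERESTART) ;` has no bound and no comment explaining why the walk has to start over. It terminates only if every ERESTART corresponds to a route that was really removed, which depends on if_rt_walktree (changed in the later hunk of this file). A comment such as `/* if_rt_walktree() returns ERESTART after deleting a route; the tree changed, so walk it again */` would document that contract at the call site.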
@@ -838,7 +840,7 @@
 	if (error != 0)
 		printf("%s: warning: unable to delete rtentry @ %p, "
 		"error = %d\n", ifp->if_xname, rt, error);
-	return 0;
+	return ERESTART;
 }
 
 /*
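Review bot: `return ERESTART;` is reached on the failure path as well: the visible lines print the "unable to delete rtentry" warning when `error != 0` and then fall through to the same return. Combined with the restart loop added in the if_detach() hunk, a route that cannot be deleted would presumably be found again on every pass, so the kernel could spin there repeating the warning. Restarting only after a successful delete avoids that: `return error == 0 ? ERESTART : 0;`. The start of if_rt_walktree is outside the hunk, so the conditions under which the delete can fail are not visible here.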



CVS commit: [netbsd-5-1] src/sys/net

2011-03-20 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Sun Mar 20 21:28:13 UTC 2011

Modified Files:
src/sys/net [netbsd-5-1]: bpf_filter.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #1571):
sys/net/bpf_filter.c: revision 1.42 - 1.46 via patch
Avoid stack memory disclosure by keeping track during filter validation time
of initialized memory. Idea taken from linux.
Use __CTASSERT
Use kmem instead of malloc. Requested by rmind.
Fix userland build.
delint.


To generate a diff of this commit:
cvs rdiff -u -r1.35.4.1 -r1.35.4.1.2.1 src/sys/net/bpf_filter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/bpf_filter.c
diff -u src/sys/net/bpf_filter.c:1.35.4.1 src/sys/net/bpf_filter.c:1.35.4.1.2.1
--- src/sys/net/bpf_filter.c:1.35.4.1	Thu May 20 05:13:13 2010
+++ src/sys/net/bpf_filter.c	Sun Mar 20 21:28:13 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: bpf_filter.c,v 1.35.4.1 2010/05/20 05:13:13 snj Exp $	*/
+/*	$NetBSD: bpf_filter.c,v 1.35.4.1.2.1 2011/03/20 21:28:13 bouyer Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@@ -37,7 +37,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.35.4.1 2010/05/20 05:13:13 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf_filter.c,v 1.35.4.1.2.1 2011/03/20 21:28:13 bouyer Exp $");
 
 #if 0
 #if !(defined(lint) || defined(KERNEL))
@@ -48,6 +48,7 @@
 
 #include 
 #include 
+#include 
 #include 
 
 #define EXTRACT_SHORT(p)	be16dec(p)
@@ -147,8 +148,7 @@
 	A = 0;
 	X = 0;
 	--pc;
-	/* CONSTCOND */
-	while (1) {
+	for (;;) {
 		++pc;
 		switch (pc->code) {
 
@@ -157,6 +157,7 @@
 			return 0;
 #else
 			abort();
+			/*NOTREACHED*/
 #endif
 		case BPF_RET|BPF_K:
 			return (u_int)pc->k;
@@ -461,16 +462,38 @@
  * The kernel needs to be able to verify an application's filter code.
  * Otherwise, a bogus program could easily crash the system.
  */
+CTASSERT(BPF_MEMWORDS == sizeof(uint16_t) * NBBY);
+
 int
-bpf_validate(struct bpf_insn *f, int len)
+bpf_validate(struct bpf_insn *f, int signed_len)
 {
-	u_int i, from;
-	struct bpf_insn *p;
+	u_int i, from, len, ok = 0;
+	const struct bpf_insn *p;
+#if defined(KERNEL) || defined(_KERNEL)
+	uint16_t *mem, invalid;
+	size_t size;
+#endif
 
-	if (len < 1 || len > BPF_MAXINSNS)
+	len = (u_int)signed_len;
+	if (len < 1)
+		return 0;
+#if defined(KERNEL) || defined(_KERNEL)
+	if (len > BPF_MAXINSNS)
+		return 0;
+#endif 
+	if (BPF_CLASS(f[len - 1].code) != BPF_RET)
 		return 0;
 
+#if defined(KERNEL) || defined(_KERNEL)
+	mem = kmem_zalloc(size = sizeof(*mem) * len, KM_SLEEP);
+	invalid = ~0;   /* All is invalid on startup */
+#endif
+
 	for (i = 0; i < len; ++i) {
+#if defined(KERNEL) || defined(_KERNEL)
+		/* blend in any invalid bits for current pc */
+		invalid |= mem[i];
+#endif
 		p = &f[i];
 		switch (BPF_CLASS(p->code)) {
 		/*
@@ -480,8 +503,22 @@
 		case BPF_LDX:
 			switch (BPF_MODE(p->code)) {
 			case BPF_MEM:
+/*
+ * There's no maximum packet data size
+ * in userland.  The runtime packet length
+ * check suffices.
+ */
+#if defined(KERNEL) || defined(_KERNEL)
+/*
+ * More strict check with actual packet length
+ * is done runtime.
+ */
 if (p->k >= BPF_MEMWORDS)
-	return 0;
+	goto out;
+/* check for current memory invalid */
+if (invalid & (1 << p->k))
+	goto out;
+#endif
 break;
 			case BPF_ABS:
 			case BPF_IND:
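Review bot: The `p->k >= BPF_MEMWORDS` bound for `BPF_MEM` loads now sits inside the kernel-only `#if`, so a userland build accepts a load from any scratch-memory index. The store case in the next hunk keeps the same bound unconditional, which suggests this was not intended. Move the `#if defined(KERNEL) || defined(_KERNEL)` line below the bounds check so that only the `invalid & (1 << p->k)` test is kernel-only. The added comment about there being no maximum packet data size in userland describes packet offsets rather than scratch memory, so it appears to belong to the `BPF_ABS`/`BPF_IND` cases below.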
@@ -490,13 +527,17 @@
 			case BPF_LEN:
 break;
 			default:
-return 0;
+goto out;
 			}
 			break;
 		case BPF_ST:
 		case BPF_STX:
 			if (p->k >= BPF_MEMWORDS)
-return 0;
+goto out;
+#if defined(KERNEL) || defined(_KERNEL)
+			/* validate the memory word */
+			invalid &= ~(1 << p->k);
+#endif
 			break;
 		case BPF_ALU:
 			switch (BPF_OP(p->code)) {
@@ -514,10 +555,10 @@
  * Check for constant division by 0.
  */
 if (BPF_SRC(p->code) == BPF_K && p->k == 0)
-	return 0;
+	goto out;
 break;
 			default:
-return 0;
+goto out;
 			}
 			break;
 		case BPF_JMP:
@@ -540,18 +581,37 @@
 			from = i + 1;
 			switch (BPF_OP(p->code)) {
 			case BPF_JA:
-if (from + p->k < from || from + p->k >= len)
-	return 0;
+if (from + p->k >= len)
+	goto out;
+#if defined(KERNEL) || defined(_KERNEL)
+if (from + p->k < from)
+	goto out;
+/*
+ * mark the currently invalid bits for the
+ * destination
+ */
+mem[from + p->k] |= invalid;
+invalid = 0;
+#endif
 break;
 			case BPF_JEQ:
 			case BPF_JGT:
 			case BPF_JGE:
 			case BPF_JSET:
 if (from + p->jt >= len || from + p->jf >= len) 
-	return 0;
+	goto out;
+#if defined(KERNEL) || defined(_KERNEL)
+/*
+ * mark the currently invalid bits for both
+ * possible jump destinations
+ */
+mem[from + p->jt] |= invalid;
+mem[from + p->jf] |= invalid;
+invalid = 0;
+#endif
 break;
 			default:
-return 0

CVS commit: [netbsd-5-1] src/sys/net

2011-01-16 Thread Manuel Bouyer
Module Name:src
Committed By:   bouyer
Date:   Sun Jan 16 13:04:45 UTC 2011

Modified Files:
src/sys/net [netbsd-5-1]: raw_usrreq.c

Log Message:
Pull up following revision(s) (requested by pooka in ticket #1529):
sys/net/raw_usrreq.c: revision 1.36
Apply patch from PR kern/44369 by Wolfgang Stukenbrock.


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.35.22.1 src/sys/net/raw_usrreq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/raw_usrreq.c
diff -u src/sys/net/raw_usrreq.c:1.35 src/sys/net/raw_usrreq.c:1.35.22.1
--- src/sys/net/raw_usrreq.c:1.35	Thu May 29 17:26:56 2008
+++ src/sys/net/raw_usrreq.c	Sun Jan 16 13:04:45 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_usrreq.c,v 1.35 2008/05/29 17:26:56 dyoung Exp $	*/
+/*	$NetBSD: raw_usrreq.c,v 1.35.22.1 2011/01/16 13:04:45 bouyer Exp $	*/
 
 /*
  * Copyright (c) 1980, 1986, 1993
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.35 2008/05/29 17:26:56 dyoung Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_usrreq.c,v 1.35.22.1 2011/01/16 13:04:45 bouyer Exp $");
 
 #include 
 #include 
@@ -276,7 +276,8 @@
 		/*
 		 * stat: don't bother with a blocksize.
 		 */
-		return (0);
+		error = 0;
+		break;
 
 	/*
 	 * Not supported.
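Review bot: Nothing in the code records why the stat case must leave through `break` rather than return, and the log message only points at the PR. The end of the switch is outside the hunk, so what the shared exit does cannot be confirmed here, but the change implies this case has to reach it. A short comment, e.g. `/* fall out to the common exit below; do not return early */`, would keep the early return from being reintroduced.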