Re: svn commit: r324971 - head/sys/netinet
> On Wed, Oct 25, 2017 at 07:57:14AM -0700, Rodney W. Grimes wrote: > > > New Revision: 324971 > > > URL: https://svnweb.freebsd.org/changeset/base/324971 > > > > > > Log: > > > Fix a bug reported by Felix Weinrank using the libfuzzer on the > > > userland stack. > > > > Please try to say what the bug was, why it was a bug, and > > how it was fixed in any bug commit message. > > > > External vague references are of little value when reading > > through a files svn history. > > Honestly, I don't understand at all why this topic comes up again and > again. It's beaten to death, aren't people supposed to read svn-* mail? > > :-( I think one thing that causes some of this is that many work in private repositories with no one else seeing there commits and they develope a bad habit of writting very brief commit messages and then these get carried into public repositories. > ./danfe -- Rod Grimes rgri...@freebsd.org ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r324971 - head/sys/netinet
> On 25. Oct 2017, at 16:57, Rodney W. Grimes> wrote: > > [ Charset UTF-8 unsupported, converting... ] >> Author: tuexen >> Date: Wed Oct 25 09:12:22 2017 >> New Revision: 324971 >> URL: https://svnweb.freebsd.org/changeset/base/324971 >> >> Log: >> Fix a bug reported by Felix Weinrank using the libfuzzer on the >> userland stack. > > Please try to say what the bug was, why it was a bug, and > how it was fixed in any bug commit message. Yepp, you are right. The bug was that when taking the length of what is used in a buffer, the offset was not taken into account. The fix is to do that... Best regards Michael > > External vague references are of little value when reading > through a files svn history. > > Thanks, >> >> MFC after: 3 days >> >> Modified: >> head/sys/netinet/sctp_auth.c >> >> Modified: head/sys/netinet/sctp_auth.c >> == >> --- head/sys/netinet/sctp_auth.c Wed Oct 25 05:55:13 2017 >> (r324970) >> +++ head/sys/netinet/sctp_auth.c Wed Oct 25 09:12:22 2017 >> (r324971) >> @@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_ >> /* now use the rest of the mbuf chain */ >> while ((m_tmp != NULL) && (size > 0)) { >> data = mtod(m_tmp, uint8_t *)+m_offset; >> -if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) { >> -memset(data, 0, SCTP_BUF_LEN(m_tmp)); >> -size -= SCTP_BUF_LEN(m_tmp); >> +if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) { >> +memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset); >> +size -= SCTP_BUF_LEN(m_tmp) - m_offset; >> } else { >> memset(data, 0, size); >> size = 0; >> >> > > -- > Rod Grimes rgri...@freebsd.org > ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r324971 - head/sys/netinet
On Wed, Oct 25, 2017 at 07:57:14AM -0700, Rodney W. Grimes wrote: > > New Revision: 324971 > > URL: https://svnweb.freebsd.org/changeset/base/324971 > > > > Log: > > Fix a bug reported by Felix Weinrank using the libfuzzer on the > > userland stack. > > Please try to say what the bug was, why it was a bug, and > how it was fixed in any bug commit message. > > External vague references are of little value when reading > through a files svn history. Honestly, I don't understand at all why this topic comes up again and again. It's beaten to death, aren't people supposed to read svn-* mail? :-( ./danfe ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r324971 - head/sys/netinet
[ Charset UTF-8 unsupported, converting... ] > Author: tuexen > Date: Wed Oct 25 09:12:22 2017 > New Revision: 324971 > URL: https://svnweb.freebsd.org/changeset/base/324971 > > Log: > Fix a bug reported by Felix Weinrank using the libfuzzer on the > userland stack. Please try to say what the bug was, why it was a bug, and how it was fixed in any bug commit message. External vague references are of little value when reading through a files svn history. Thanks, > > MFC after: 3 days > > Modified: > head/sys/netinet/sctp_auth.c > > Modified: head/sys/netinet/sctp_auth.c > == > --- head/sys/netinet/sctp_auth.c Wed Oct 25 05:55:13 2017 > (r324970) > +++ head/sys/netinet/sctp_auth.c Wed Oct 25 09:12:22 2017 > (r324971) > @@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_ > /* now use the rest of the mbuf chain */ > while ((m_tmp != NULL) && (size > 0)) { > data = mtod(m_tmp, uint8_t *)+m_offset; > - if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) { > - memset(data, 0, SCTP_BUF_LEN(m_tmp)); > - size -= SCTP_BUF_LEN(m_tmp); > + if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) { > + memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset); > + size -= SCTP_BUF_LEN(m_tmp) - m_offset; > } else { > memset(data, 0, size); > size = 0; > > -- Rod Grimes rgri...@freebsd.org ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r324971 - head/sys/netinet
Author: tuexen Date: Wed Oct 25 09:12:22 2017 New Revision: 324971 URL: https://svnweb.freebsd.org/changeset/base/324971 Log: Fix a bug reported by Felix Weinrank using the libfuzzer on the userland stack. MFC after:3 days Modified: head/sys/netinet/sctp_auth.c Modified: head/sys/netinet/sctp_auth.c == --- head/sys/netinet/sctp_auth.cWed Oct 25 05:55:13 2017 (r324970) +++ head/sys/netinet/sctp_auth.cWed Oct 25 09:12:22 2017 (r324971) @@ -1606,9 +1606,9 @@ sctp_zero_m(struct mbuf *m, uint32_t m_offset, uint32_ /* now use the rest of the mbuf chain */ while ((m_tmp != NULL) && (size > 0)) { data = mtod(m_tmp, uint8_t *)+m_offset; - if (size > (uint32_t)SCTP_BUF_LEN(m_tmp)) { - memset(data, 0, SCTP_BUF_LEN(m_tmp)); - size -= SCTP_BUF_LEN(m_tmp); + if (size > (uint32_t)(SCTP_BUF_LEN(m_tmp) - m_offset)) { + memset(data, 0, SCTP_BUF_LEN(m_tmp) - m_offset); + size -= SCTP_BUF_LEN(m_tmp) - m_offset; } else { memset(data, 0, size); size = 0; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"