Module Name: src
Committed By: snj
Date: Sat Aug 19 05:37:06 UTC 2017
Modified Files:
src/sys/altq [netbsd-6]: altq_cbq.c altq_hfsc.c altq_jobs.c altq_priq.c
altq_wfq.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #1488):
sys/altq/altq_cbq.c: revision 1.31
sys/altq/altq_hfsc.c: revision 1.27
sys/altq/altq_jobs.c: revision 1.11
sys/altq/altq_priq.c: revision 1.24
sys/altq/altq_wfq.c: revision 1.22
Zero buffers copied to userland to avoid stack disclosure.
>From Ilja Van Sprundel.
--
Reject negative indices.
(Would be nice to change the types too, and it's *probably* safe to
replace int by u_int, but I'm reluctant to touch the ioctl
definitions without at least a modicum more thought. Also one of
them is a u_long, because why not?)
>From Ilja Van Sprundel.
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.26.18.1 src/sys/altq/altq_cbq.c
cvs rdiff -u -r1.24 -r1.24.36.1 src/sys/altq/altq_hfsc.c
cvs rdiff -u -r1.6.14.1 -r1.6.14.2 src/sys/altq/altq_jobs.c
cvs rdiff -u -r1.21 -r1.21.18.1 src/sys/altq/altq_priq.c
cvs rdiff -u -r1.19 -r1.19.34.1 src/sys/altq/altq_wfq.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/altq/altq_cbq.c
diff -u src/sys/altq/altq_cbq.c:1.26 src/sys/altq/altq_cbq.c:1.26.18.1
--- src/sys/altq/altq_cbq.c:1.26 Sun Nov 22 18:40:26 2009
+++ src/sys/altq/altq_cbq.c Sat Aug 19 05:37:06 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $ */
+/* $NetBSD: altq_cbq.c,v 1.26.18.1 2017/08/19 05:37:06 snj Exp $ */
/* $KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26 2009/11/22 18:40:26 mbalmer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.26.18.1 2017/08/19 05:37:06 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -472,6 +472,7 @@ cbq_getqstats(struct pf_altq *a, void *u
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
@@ -876,6 +877,7 @@ cbq_getstats(struct cbq_getstats *gsp)
if (++i >= CBQ_MAX_CLASSES)
goto out;
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
stats.handle = cl->stats_.handle;
Index: src/sys/altq/altq_hfsc.c
diff -u src/sys/altq/altq_hfsc.c:1.24 src/sys/altq/altq_hfsc.c:1.24.36.1
--- src/sys/altq/altq_hfsc.c:1.24 Wed Jun 18 09:06:27 2008
+++ src/sys/altq/altq_hfsc.c Sat Aug 19 05:37:06 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $ */
+/* $NetBSD: altq_hfsc.c,v 1.24.36.1 2017/08/19 05:37:06 snj Exp $ */
/* $KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $ */
/*
@@ -43,7 +43,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24 2008/06/18 09:06:27 yamt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.24.36.1 2017/08/19 05:37:06 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -313,6 +313,7 @@ hfsc_getqstats(struct pf_altq *a, void *
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
Index: src/sys/altq/altq_jobs.c
diff -u src/sys/altq/altq_jobs.c:1.6.14.1 src/sys/altq/altq_jobs.c:1.6.14.2
--- src/sys/altq/altq_jobs.c:1.6.14.1 Mon Nov 3 15:08:44 2014
+++ src/sys/altq/altq_jobs.c Sat Aug 19 05:37:06 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_jobs.c,v 1.6.14.1 2014/11/03 15:08:44 msaitoh Exp $ */
+/* $NetBSD: altq_jobs.c,v 1.6.14.2 2017/08/19 05:37:06 snj Exp $ */
/* $KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $ */
/*
* Copyright (c) 2001, the Rector and Board of Visitors of the
@@ -59,7 +59,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.14.1 2014/11/03 15:08:44 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.6.14.2 2017/08/19 05:37:06 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -2111,10 +2111,9 @@ jobscmd_class_stats(struct jobs_class_st
usp = ap->stats;
for (pri = 0; pri <= jif->jif_maxpri; pri++) {
cl = jif->jif_classes[pri];
+ (void)memset(&stats, 0, sizeof(stats));
if (cl != NULL)
get_class_stats(&stats, cl);
- else
- (void)memset(&stats, 0, sizeof(stats));
if ((error = copyout((void *)&stats, (void *)usp++,
sizeof(stats))) != 0)
return (error);
Index: src/sys/altq/altq_priq.c
diff -u src/sys/altq/altq_priq.c:1.21 src/sys/altq/altq_priq.c:1.21.18.1
--- src/sys/altq/altq_priq.c:1.21 Sat Mar 14 15:35:58 2009
+++ src/sys/altq/altq_priq.c Sat Aug 19 05:37:06 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $ */
+/* $NetBSD: altq_priq.c,v 1.21.18.1 2017/08/19 05:37:06 snj Exp $ */
/* $KAME: altq_priq.c,v 1.13 2005/04/13 03:44:25 suz Exp $ */
/*
* Copyright (C) 2000-2003
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.21 2009/03/14 15:35:58 dsl Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_priq.c,v 1.21.18.1 2017/08/19 05:37:06 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -219,6 +219,7 @@ priq_getqstats(struct pf_altq *a, void *
if (*nbytes < sizeof(stats))
return (EINVAL);
+ memset(&stats, 0, sizeof(stats));
get_class_stats(&stats, cl);
if ((error = copyout((void *)&stats, ubuf, sizeof(stats))) != 0)
Index: src/sys/altq/altq_wfq.c
diff -u src/sys/altq/altq_wfq.c:1.19 src/sys/altq/altq_wfq.c:1.19.34.1
--- src/sys/altq/altq_wfq.c:1.19 Thu Sep 11 17:58:59 2008
+++ src/sys/altq/altq_wfq.c Sat Aug 19 05:37:06 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: altq_wfq.c,v 1.19 2008/09/11 17:58:59 joerg Exp $ */
+/* $NetBSD: altq_wfq.c,v 1.19.34.1 2017/08/19 05:37:06 snj Exp $ */
/* $KAME: altq_wfq.c,v 1.14 2005/04/13 03:44:25 suz Exp $ */
/*
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: altq_wfq.c,v 1.19 2008/09/11 17:58:59 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_wfq.c,v 1.19.34.1 2017/08/19 05:37:06 snj Exp $");
#ifdef _KERNEL_OPT
#include "opt_altq.h"
@@ -518,14 +518,15 @@ wfq_setweight(struct wfq_setweight *swp)
wfq *queue;
int old;
- if (swp->weight < 0) {
- printf("set weight in natural number\n");
+ if (swp->weight < 0)
return (EINVAL);
- }
if ((wfqp = altq_lookup(swp->iface.wfq_ifacename, ALTQT_WFQ)) == NULL)
return (EBADF);
+ if (swp->qid < 0 || swp->qid >= wfqp->nums)
+ return (EINVAL);
+
queue = &wfqp->queue[swp->qid];
old = queue->weight;
queue->weight = swp->weight;
@@ -544,7 +545,7 @@ wfq_getstats(struct wfq_getstats *gsp)
if ((wfqp = altq_lookup(gsp->iface.wfq_ifacename, ALTQT_WFQ)) == NULL)
return (EBADF);
- if (gsp->qid >= wfqp->nums)
+ if (gsp->qid < 0 || gsp->qid >= wfqp->nums)
return (EINVAL);
queue = &wfqp->queue[gsp->qid];
