Module Name: src
Committed By: maxv
Date: Tue Jul 10 16:49:09 UTC 2018
Modified Files:
src/sys/net/npf: npf_handler.c
Log Message:
Modify the logic in npf_reassembly. Don't call nbuf_reset, we don't need
it since we don't read the IPv4 header anymore.
If ip{6}_reass_packet fails, always free 'm', and always clear the nbuf.
We want to avoid the case where
 - 'm' was reallocated
 - the nbuf pointer was not updated accordingly
 - the caller tried to use the nbuf pointer
This case doesn't happen right now, but the code is fragile, so strengthen
it.
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/sys/net/npf/npf_handler.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/npf/npf_handler.c
diff -u src/sys/net/npf/npf_handler.c:1.43 src/sys/net/npf/npf_handler.c:1.44
--- src/sys/net/npf/npf_handler.c:1.43 Tue Jul 10 15:46:58 2018
+++ src/sys/net/npf/npf_handler.c Tue Jul 10 16:49:09 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: npf_handler.c,v 1.43 2018/07/10 15:46:58 maxv Exp $ */
+/* $NetBSD: npf_handler.c,v 1.44 2018/07/10 16:49:09 maxv Exp $ */
/*-
* Copyright (c) 2009-2013 The NetBSD Foundation, Inc.
@@ -37,7 +37,7 @@
#ifdef _KERNEL
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.43 2018/07/10 15:46:58 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: npf_handler.c,v 1.44 2018/07/10 16:49:09 maxv Exp $");
#include <sys/types.h>
#include <sys/param.h>
@@ -79,20 +79,17 @@ npf_reassembly(npf_t *npf, npf_cache_t *
*mff = false;
m = nbuf_head_mbuf(nbuf);
- /* Reset the mbuf as it may have changed. */
- nbuf_reset(nbuf);
-
if (npf_iscached(npc, NPC_IP4)) {
error = ip_reass_packet(&m);
- KASSERT(!error || (m != NULL));
} else if (npf_iscached(npc, NPC_IP6)) {
error = ip6_reass_packet(&m, npc->npc_hlen);
- if (error && m == NULL) {
- memset(nbuf, 0, sizeof(nbuf_t));
- }
}
+
if (error) {
+ /* Reass failed. Free the mbuf, clear the nbuf. */
npf_stats_inc(npf, NPF_STAT_REASSFAIL);
+ m_freem(m);
+ memset(nbuf, 0, sizeof(nbuf_t));
return error;
}
if (m == NULL) {
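Review bot: The new `m_freem(m)` in the `if (error)` branch is only safe if `ip_reass_packet()` and `ip6_reass_packet()` leave `m` either still owned by the caller or set to NULL when they fail. If either one frees the chain and leaves the pointer stale, this becomes a double free. The removed `if (error && m == NULL)` test suggests the IPv6 path can return with `m == NULL`, so the call also depends on `m_freem()` tolerating NULL, which is worth confirming. I would state the contract at the call site, e.g. `/* On failure ip{,6}_reass_packet() leave m valid or NULL; we own and free it here. */`. The same branch is presumably reached when neither `NPC_IP4` nor `NPC_IP6` is cached and `error` keeps its initial value (set outside this hunk), so callers must now treat any error return as "mbuf consumed, nbuf zeroed". The body of `npf_reassembly` starts and ends outside the hunk.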