IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.5
Operating System Version: Solaris 10 x86
Configuration: LKM
Description of problem:
pfil_precheck converts ip_len and ip_off too early, leaving the fields in the
wrong byte order when the following check:
/*
* If we don't have enough data in the mblk or we haven't yet copied
* enough (above), then copy some more.
*/
if ((iphlen > len)) {
if (m->b_datap->db_ref > 1)
goto forced_copy;
branches to forced_copy.
How to repeat:
The enclosed (lightly tested) patch to SunOS/pfildrv.c fixes the problem.
*** pfildrv.c.ORIGINAL Mon Feb 21 20:50:29 2005
--- pfildrv.c Mon Feb 21 21:04:21 2005
*************** forced_copy:
*** 703,731 ****
return EINVAL;
}
- /*
- * The code in IPFilter assumes that both the ip_off and ip_len
- * fields are in host byte order, so convert them here to fulfill
- * that expectation.
- *
- * If the target compile host is non-SPARC, assume it is a little
- * endian machine, requiring the conversion of offset/length fields
- * to both be host byte ordered.
- */
- #ifndef sparc
- # if SOLARIS2 >= 8
- if (sap == IP6_DL_SAP) {
- ip6->ip6_plen = plen;
- } else {
- # endif
- __ipoff = (u_short)ip->ip_off;
- ip->ip_len = plen;
- ip->ip_off = ntohs(__ipoff);
- # if SOLARIS2 >= 8
- }
- # endif
- #endif
-
if (sap == 0)
iphlen = ip->ip_hl << 2;
#if SOLARIS2 >= 8
--- 703,708 ----
*************** forced_copy:
*** 742,761 ****
/*
* Bad IP packet or not enough data/data length mismatches
*/
- #ifndef sparc
- # if SOLARIS2 >= 8
- if (sap == IP6_DL_SAP) {
- ip6->ip6_plen = htons(plen);
- } else {
- # endif
- __ipoff = (u_short)ip->ip_off;
-
- ip->ip_len = htons(plen);
- ip->ip_off = htons(__ipoff);
- # if SOLARIS2 >= 8
- }
- # endif
- #endif
atomic_add_long(&qif->qf_bad, 1);
return EINVAL;
}
--- 719,724 ----
*************** forced_copy:
*** 776,781 ****
--- 739,767 ----
if ((len > plen) && (off == 0))
m->b_wptr -= len - plen;
+
+ /*
+ * The code in IPFilter assumes that both the ip_off and ip_len
+ * fields are in host byte order, so convert them here to fulfill
+ * that expectation.
+ *
+ * If the target compile host is non-SPARC, assume it is a little
+ * endian machine, requiring the conversion of offset/length fields
+ * to both be host byte ordered.
+ */
+ #ifndef sparc
+ # if SOLARIS2 >= 8
+ if (sap == IP6_DL_SAP) {
+ ip6->ip6_plen = plen;
+ } else {
+ # endif
+ __ipoff = (u_short)ip->ip_off;
+ ip->ip_len = plen;
+ ip->ip_off = ntohs(__ipoff);
+ # if SOLARIS2 >= 8
+ }
+ # endif
+ #endif
qpi->qpi_m = m;
qpi->qpi_off = off;
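Review bot: Moving the host-order conversion to after the b_wptr trim is what lets the second hunk drop the htons() restore on the qf_bad/EINVAL path, but this hunk only shows that no error exit precedes the new site within the visible lines; if any failure return remains between the conversion and the end of pfil_precheck, a rejected packet would now be handed back with ip_len/ip_off in host order and no code to undo it. A comment at the new site would pin that invariant for the next maintainer, e.g. `/* Must be the last step before success: every earlier error path returns the mblk untouched, so nothing restores network order. */`. The block also assumes ip/ip6 already point into the copied mblk after forced_copy, which is not visible here. As a point of style, `#ifndef sparc` is a proxy for byte order; on Solaris `_LITTLE_ENDIAN` from <sys/isa_defs.h> states the actual condition. pfil_precheck's body continues past the end of the hunk.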
-- John
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------