IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.5
Operating System Version: Solaris 10 x86
Configuration: LKM
Description of problem:
pfil_precheck has:

    if (sap == ETHERTYPE_IP) {
        set various variables
    }
    else if (sap == IP6_DL_SAP) {
        set various variables
    }
    else {
        sap = -1;
        hlen = 0;
    }
    use various variables.
As a result, uninitialized variables may be used if sap != ETHERTYPE_IP
and sap != IP6_DL_SAP.
How to repeat:
The enclosed *lightly tested* patch to SunOS/pfildrv.c fixes the problem.
*** SunOS/pfildrv.c.ORIGINAL Tue Feb 22 16:30:00 2005
--- SunOS/pfildrv.c Tue Feb 22 16:34:32 2005
*************** forced_copy:
*** 687,693 ****
}
#endif
else {
- hlen = 0;
sap = -1;
}
--- 687,692 ----
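Review bot: removing `hlen = 0;` from the else branch leaves hlen unset on the non-IP path, so this hunk is only safe together with the `|| sap == -1` bail-out added in the next hunk; applied or backported on its own it turns the report's "may be used uninitialized" into a certainty for hlen as well as for the ip/ip6 pointers. Either keep the `hlen = 0;` assignment (it is harmless and protects against the rejection test being moved later) or add a one-line comment in the else branch stating that the packet is rejected before any of these variables are read.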
*************** forced_copy:
*** 695,700 ****
--- 694,700 ----
#if SOLARIS2 >= 8
|| ((sap == IP6_DL_SAP) && (((ip6->ip6_vfc) & 0xf0) != 0x60))
#endif
+ || sap == -1
) {
atomic_add_long(&qif->qf_notip, 1);
#ifdef PFILDEBUG
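Review bot: the new `|| sap == -1` term is the last alternative, after `((sap == IP6_DL_SAP) && (((ip6->ip6_vfc) & 0xf0) != 0x60))`, so on the non-IP path the earlier terms are evaluated first and correctness depends on each of them being guarded by its own sap comparison; placing `sap == -1` as the first term makes the non-IP rejection independent of those guards and is also the cheapest test. Two things the hunk does not show are worth confirming: that the `qf_notip` path leaves the function without touching hlen, ip or ip6, and that sap is declared as a signed type, since the `-1` sentinel assigned in the else branch and compared here only reads cleanly for a signed sap. Putting the term after the `#endif` rather than inside the `#if SOLARIS2 >= 8` block is correct, because the else branch that sets `sap = -1` is not conditional on that macro.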
-- John
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------
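As an added example, not code from IP Filter or from this report: a minimal C model of the precheck dispatch described above with the report's fix applied. The function and type names, the ethertype values used for ETHERTYPE_IP and IP6_DL_SAP, the fixed header sizes, the qf_notip stand-in counter and the sample frames are all assumptions for illustration; only the structure (dispatch on sap, else branch that sets sap = -1, rejection test including the ip6_vfc version check) mirrors the report. One deliberate difference from the patch: the sap == -1 term is placed first in the rejection test so that the non-IP path never reaches the other terms.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants as the report names them; the values are the IEEE ethertypes,
 * assumed here for the example rather than taken from pfildrv.c. */
#define ETHERTYPE_IP 0x0800
#define IP6_DL_SAP   0x86dd

#define IP_HDR_MIN  20   /* minimum IPv4 header (IHL = 5) */
#define IP6_HDR_LEN 40   /* fixed IPv6 header */

enum precheck_result { PRECHECK_NOTIP = 0, PRECHECK_IP = 4, PRECHECK_IP6 = 6 };

/* Stand-in for qif->qf_notip: bumped on every rejected frame. */
static unsigned long qf_notip;
unsigned long precheck_notip_count(void) { return qf_notip; }

/* Classify a frame by its link-layer SAP. On success the header length is
 * stored in *hlen_out (which may be NULL). The non-IP branch sets sap = -1
 * and nothing else; the rejection test then returns before any variable
 * that only the IP/IPv6 branches initialise (ip, ip6, hlen) is read. That
 * early return is what the report's "|| sap == -1" provides. */
int precheck_fixed(int sap, const uint8_t *buf, size_t buflen, size_t *hlen_out)
{
    const uint8_t *ip  = NULL;   /* IPv4 header, valid only if sap == ETHERTYPE_IP */
    const uint8_t *ip6 = NULL;   /* IPv6 header, valid only if sap == IP6_DL_SAP */
    size_t hlen = 0;

    if (sap == ETHERTYPE_IP) {
        if (buflen < IP_HDR_MIN) { qf_notip++; return PRECHECK_NOTIP; }
        ip   = buf;
        hlen = (size_t)(ip[0] & 0x0f) * 4;      /* IHL in 32-bit words */
    } else if (sap == IP6_DL_SAP) {
        if (buflen < IP6_HDR_LEN) { qf_notip++; return PRECHECK_NOTIP; }
        ip6  = buf;
        hlen = IP6_HDR_LEN;
    } else {
        sap = -1;                /* neither family: rejected below */
    }

    /* Same shape as the patched test in pfildrv.c, with sap == -1 first so
     * the non-IP path never depends on the guards inside the other terms.
     * The IPv6 term is the report's ip6_vfc check; the IPv4 term is the
     * analogous version-nibble check, assumed for symmetry. */
    if (sap == -1
        || (sap == ETHERTYPE_IP && (ip[0] >> 4) != 4)
        || (sap == IP6_DL_SAP && (ip6[0] & 0xf0) != 0x60)) {
        qf_notip++;
        return PRECHECK_NOTIP;
    }

    if (hlen_out != NULL)
        *hlen_out = hlen;
    return sap == ETHERTYPE_IP ? PRECHECK_IP : PRECHECK_IP6;
}

/* Convenience wrapper: header length, or 0 when the frame was rejected. */
size_t precheck_hlen(int sap, const uint8_t *buf, size_t buflen)
{
    size_t hlen = 0;
    return precheck_fixed(sap, buf, buflen, &hlen) == PRECHECK_NOTIP ? 0 : hlen;
}

/* Constructed sample frames (not captured traffic): a bare IPv4 header, a
 * bare IPv6 header, and an ARP-sized blob that carries neither SAP. */
static const uint8_t SAMPLE_IP4[20] = { 0x45, 0x00, 0x00, 0x14, 0, 0, 0, 0,
                                        64, 17, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2 };
static const uint8_t SAMPLE_IP6[40] = { [0] = 0x60, [6] = 59, [7] = 64 };
static const uint8_t SAMPLE_ARP[28] = { 0, 1, 0x08, 0x00, 6, 4, 0, 1 };
```

Feeding SAMPLE_ARP with an ARP ethertype, or SAMPLE_IP6 bytes tagged as ETHERTYPE_IP, takes the rejection path and bumps the counter without ever dereferencing ip or ip6; the same calls against the unpatched control flow would read the pointers and hlen that the else branch never set.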