pfil_precheck on x86 Solaris may access a stale pointer because
the pointer is refreshed too late. The pointer is later used to
modify the byte ordering of a couple of fields.
-- John
*** SunOS/pfildrv.c.ORIGINAL Sat May 8 13:25:55 2004
--- SunOS/pfildrv.c Mon Feb 28 19:23:21 2005
*************** int pfil_precheck(queue_t *q, mblk_t **m
*** 829,837 ****
for (; pfh; pfh = pfh->pfil_next)
if (pfh->pfil_func) {
err = (*pfh->pfil_func)(ip, iphlen, qif, out, qpi, mp);
if (err || !*mp)
break;
- ip = qpi->qpi_data;
}
RW_EXIT(&ph->ph_lock);
--- 787,800 ----
for (; pfh; pfh = pfh->pfil_next)
if (pfh->pfil_func) {
err = (*pfh->pfil_func)(ip, iphlen, qif, out, qpi, mp);
+
+ /*
+ * fr_pullup may have allocated a new buffer.
+ */
+ ip = qpi->qpi_data;
+
if (err || !*mp)
break;
}
RW_EXIT(&ph->ph_lock);
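Review bot: When a hook consumes the packet and leaves `*mp` NULL, the moved `ip = qpi->qpi_data;` now runs before the `break`, so `ip` is only as valid as whatever the hook left in `qpi->qpi_data`. If that field is not updated when the mblk is freed, the byte-order fixup mentioned in the description could still write through a dangling pointer. That fixup is outside this hunk, so it is worth confirming that it is skipped when `err` is set or `*mp` is NULL, for example by guarding it with `if (err == 0 && *mp != NULL)`. The new comment also names only `fr_pullup`, although any registered `pfil_func` may replace the buffer; `/* A hook (e.g. fr_pullup) may have replaced the mblk; re-read ip before leaving the loop. */` would record why the refresh has to precede the `break`.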
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------