Module Name:    src
Committed By:   christos
Date:           Mon Dec  3 18:30:25 UTC 2012

Modified Files:
        src/sys/external/bsd/ipf/netinet: ip_dstlist.c

Log Message:
PR/47270: Paul Goyette: ipftest -N aborts
1. check for NULL before dereferencing; in particular sel is assigned NULL
   in the default case, and then a couple of lines down we do sel->
2. gcc appears to optimize u_32_t hash[4], to u_32_t hash, since we only
   use hash[0], disregarding the fact that we pass it to MD5Final() leading
   to stack corruption. Use an explicit union, so that the compiler stops
   butting its head where it shouldn't.

XXX: pullup to 6


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sys/external/bsd/ipf/netinet/ip_dstlist.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/external/bsd/ipf/netinet/ip_dstlist.c
diff -u src/sys/external/bsd/ipf/netinet/ip_dstlist.c:1.4 src/sys/external/bsd/ipf/netinet/ip_dstlist.c:1.5
--- src/sys/external/bsd/ipf/netinet/ip_dstlist.c:1.4	Sun Jul 22 12:31:26 2012
+++ src/sys/external/bsd/ipf/netinet/ip_dstlist.c	Mon Dec  3 13:30:25 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip_dstlist.c,v 1.4 2012/07/22 16:31:26 darrenr Exp $	*/
+/*	$NetBSD: ip_dstlist.c,v 1.5 2012/12/03 18:30:25 christos Exp $	*/
 
 /*
  * Copyright (C) 2012 by Darren Reed.
@@ -1076,12 +1076,15 @@ ipf_dstlist_select(fr_info_t *fin, ippoo
 {
 	ipf_dstnode_t *node, *sel;
 	int connects;
-	u_32_t hash[4];
+	union {
+	    u_32_t hash[4];
+	    unsigned char bytes[16];
+	} h;
 	MD5_CTX ctx;
 	int family;
 	int x;
 
-	if (d->ipld_dests == NULL || *d->ipld_dests == NULL)
+	if (d == NULL || d->ipld_dests == NULL || *d->ipld_dests == NULL)
 		return NULL;
 
 	family = fin->fin_family;
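Review bot: The union `h` added to the declarations has no comment saying why the digest buffer is a union rather than a plain array, so a later cleanup could fold it back to `u_32_t hash[4]` and bring back the stack corruption described in the log message. A one-line comment above it would record the reason, for example `/* MD5Final() writes all 16 digest bytes; keep the full buffer in a union (PR/47270) */`. The body of ipf_dstlist_select continues past the end of this hunk.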
@@ -1139,8 +1142,8 @@ ipf_dstlist_select(fr_info_t *fin, ippoo
 			  sizeof(fin->fin_src6));
 		MD5Update(&ctx, (u_char *)&fin->fin_dst6,
 			  sizeof(fin->fin_dst6));
-		MD5Final((u_char *)hash, &ctx);
-		x = hash[0] % d->ipld_nodes;
+		MD5Final(h.bytes, &ctx);
+		x = h.hash[0] % d->ipld_nodes;
 		sel = d->ipld_dests[x];
 		break;
 
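Review bot: The modulo in `x = h.hash[0] % d->ipld_nodes;` has no visible protection against `d->ipld_nodes` being zero, because the guard at the top of the function tests only `d`, `d->ipld_dests` and `*d->ipld_dests`. If a list can have a non-NULL `ipld_dests` with a zero node count (not visible in this diff), this is a division by zero on the packet path. Extending the early return with `|| d->ipld_nodes == 0` would close that case. The same applies to the two later hunks that repeat this MD5Final()/modulo sequence, and it is worth confirming that `ipld_nodes` never exceeds the number of entries in `ipld_dests`, since `x` indexes that array directly. The enclosing switch starts and ends outside this hunk.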
@@ -1149,8 +1152,8 @@ ipf_dstlist_select(fr_info_t *fin, ippoo
 		MD5Update(&ctx, (u_char *)&d->ipld_seed, sizeof(d->ipld_seed));
 		MD5Update(&ctx, (u_char *)&fin->fin_src6,
 			  sizeof(fin->fin_src6));
-		MD5Final((u_char *)hash, &ctx);
-		x = hash[0] % d->ipld_nodes;
+		MD5Final(h.bytes, &ctx);
+		x = h.hash[0] % d->ipld_nodes;
 		sel = d->ipld_dests[x];
 		break;
 
@@ -1159,8 +1162,8 @@ ipf_dstlist_select(fr_info_t *fin, ippoo
 		MD5Update(&ctx, (u_char *)&d->ipld_seed, sizeof(d->ipld_seed));
 		MD5Update(&ctx, (u_char *)&fin->fin_dst6,
 			  sizeof(fin->fin_dst6));
-		MD5Final((u_char *)hash, &ctx);
-		x = hash[0] % d->ipld_nodes;
+		MD5Final(h.bytes, &ctx);
+		x = h.hash[0] % d->ipld_nodes;
 		sel = d->ipld_dests[x];
 		break;
 
@@ -1169,7 +1172,7 @@ ipf_dstlist_select(fr_info_t *fin, ippoo
 		break;
 	}
 
-	if (sel->ipfd_dest.fd_addr.adf_family != family)
+	if (sel && sel->ipfd_dest.fd_addr.adf_family != family)
 		sel = NULL;
 	d->ipld_selected = sel;
 
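Review bot: The new guard `if (sel && ...)` uses an implicit pointer test, while the check added at the top of the same function spells out `d == NULL`. Writing `if (sel != NULL && sel->ipfd_dest.fd_addr.adf_family != family)` would keep the two consistent. The function continues past the end of this hunk, so whether later statements still dereference `sel` after it has been set to NULL cannot be seen here and should be confirmed.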
