netinet6

Ryota Ozaki Sun, 06 Dec 2015 22:19:29 -0800

Module Name:    src
Committed By:   ozaki-r
Date:           Mon Dec  7 06:19:13 UTC 2015


Modified Files:
        src/sys/netinet6: nd6.c nd6.h nd6_nbr.c

Log Message:
CID 1341546: Fix integer handling issue (CONSTANT_EXPRESSION_RESULT)

n > INT_MAX where n is a long integer variable never be true on 32bit
architectures. Use time_t(int64_t) instead of long for the variable.


To generate a diff of this commit:
cvs rdiff -u -r1.181 -r1.182 src/sys/netinet6/nd6.c
cvs rdiff -u -r1.68 -r1.69 src/sys/netinet6/nd6.h
cvs rdiff -u -r1.112 -r1.113 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet6/nd6.c
diff -u src/sys/netinet6/nd6.c:1.181 src/sys/netinet6/nd6.c:1.182
--- src/sys/netinet6/nd6.c:1.181	Wed Nov 25 06:21:26 2015
+++ src/sys/netinet6/nd6.c	Mon Dec  7 06:19:13 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.c,v 1.181 2015/11/25 06:21:26 ozaki-r Exp $	*/
+/*	$NetBSD: nd6.c,v 1.182 2015/12/07 06:19:13 ozaki-r Exp $	*/
 /*	$KAME: nd6.c,v 1.279 2002/06/08 11:16:51 itojun Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.181 2015/11/25 06:21:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6.c,v 1.182 2015/12/07 06:19:13 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_net_mpsafe.h"
@@ -391,9 +391,10 @@ skip1:
  * ND6 timer routine to handle ND6 entries
  */
 void
-nd6_llinfo_settimer_locked(struct llentry *ln, long xtick)
+nd6_llinfo_settimer_locked(struct llentry *ln, time_t xtick)
 {
 
+	CTASSERT(sizeof(time_t) > sizeof(int));
 	LLE_WLOCK_ASSERT(ln);
 
 	if (xtick < 0) {
@@ -416,7 +417,7 @@ nd6_llinfo_settimer_locked(struct llentr
 }
 
 void
-nd6_llinfo_settimer(struct llentry *ln, long xtick)
+nd6_llinfo_settimer(struct llentry *ln, time_t xtick)
 {
 
 	LLE_WLOCK(ln);
@@ -535,7 +536,7 @@ nd6_llinfo_timer(void *arg)
 	case ND6_LLINFO_REACHABLE:
 		if (!ND6_LLINFO_PERMANENT(ln)) {
 			ln->ln_state = ND6_LLINFO_STALE;
-			nd6_llinfo_settimer_locked(ln, (long)nd6_gctimer * hz);
+			nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz);
 		}
 		break;
 
@@ -557,7 +558,7 @@ nd6_llinfo_timer(void *arg)
 			send_ns = true;
 		} else {
 			ln->ln_state = ND6_LLINFO_STALE; /* XXX */
-			nd6_llinfo_settimer_locked(ln, (long)nd6_gctimer * hz);
+			nd6_llinfo_settimer_locked(ln, nd6_gctimer * hz);
 		}
 		break;
 	case ND6_LLINFO_PROBE:
@@ -575,7 +576,7 @@ nd6_llinfo_timer(void *arg)
 	if (send_ns) {
 		struct in6_addr src, *psrc;
 
-		nd6_llinfo_settimer_locked(ln, (long)ndi->retrans * hz / 1000);
+		nd6_llinfo_settimer_locked(ln, ndi->retrans * hz / 1000);
 		psrc = nd6_llinfo_get_holdsrc(ln, &src);
 		LLE_FREE_LOCKED(ln);
 		ln = NULL;
@@ -1135,7 +1136,7 @@ nd6_free(struct rtentry *rt, struct llen
 				    (dr->expire - time_uptime) * hz);
 			else
 				nd6_llinfo_settimer_locked(ln,
-				    (long)nd6_gctimer * hz);
+				    nd6_gctimer * hz);
 			splx(s);
 			return;
 		}
@@ -1230,7 +1231,7 @@ nd6_nud_hint(struct rtentry *rt)
 	ln->ln_state = ND6_LLINFO_REACHABLE;
 	if (!ND6_LLINFO_PERMANENT(ln)) {
 		nd6_llinfo_settimer(ln,
-		    (long)ND_IFINFO(rt->rt_ifp)->reachable * hz);
+		    ND_IFINFO(rt->rt_ifp)->reachable * hz);
 	}
 
 	return;
@@ -2140,7 +2141,7 @@ fail:
 			 * we must set the timer now, although it is actually
 			 * meaningless.
 			 */
-			nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
+			nd6_llinfo_settimer(ln, nd6_gctimer * hz);
 
 			nd6_llinfo_release_pkts(ln, ifp, rt);
 		} else if (ln->ln_state == ND6_LLINFO_INCOMPLETE) {
@@ -2432,7 +2433,7 @@ nd6_output(struct ifnet *ifp, struct ifn
 	if ((ifp->if_flags & IFF_POINTOPOINT) != 0 &&
 	    ln->ln_state < ND6_LLINFO_REACHABLE) {
 		ln->ln_state = ND6_LLINFO_STALE;
-		nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
+		nd6_llinfo_settimer(ln, nd6_gctimer * hz);
 	}
 
 	/*
@@ -2445,7 +2446,7 @@ nd6_output(struct ifnet *ifp, struct ifn
 	if (ln->ln_state == ND6_LLINFO_STALE) {
 		ln->ln_asked = 0;
 		ln->ln_state = ND6_LLINFO_DELAY;
-		nd6_llinfo_settimer(ln, (long)nd6_delay * hz);
+		nd6_llinfo_settimer(ln, nd6_delay * hz);
 	}
 
 	/*
@@ -2496,7 +2497,7 @@ nd6_output(struct ifnet *ifp, struct ifn
 
 		ln->ln_asked++;
 		nd6_llinfo_settimer(ln,
-		    (long)ND_IFINFO(ifp)->retrans * hz / 1000);
+		    ND_IFINFO(ifp)->retrans * hz / 1000);
 		psrc = nd6_llinfo_get_holdsrc(ln, &src);
 		nd6_ns_output(ifp, NULL, &dst->sin6_addr, psrc, 0);
 	}

Index: src/sys/netinet6/nd6.h
diff -u src/sys/netinet6/nd6.h:1.68 src/sys/netinet6/nd6.h:1.69
--- src/sys/netinet6/nd6.h:1.68	Wed Nov 25 06:21:26 2015
+++ src/sys/netinet6/nd6.h	Mon Dec  7 06:19:13 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6.h,v 1.68 2015/11/25 06:21:26 ozaki-r Exp $	*/
+/*	$NetBSD: nd6.h,v 1.69 2015/12/07 06:19:13 ozaki-r Exp $	*/
 /*	$KAME: nd6.h,v 1.95 2002/06/08 11:31:06 itojun Exp $	*/
 
 /*
@@ -400,8 +400,8 @@ struct nd_opt_hdr *nd6_option(union nd_o
 int nd6_options(union nd_opts *);
 struct	rtentry *nd6_lookup(const struct in6_addr *, int, struct ifnet *);
 void nd6_setmtu(struct ifnet *);
-void nd6_llinfo_settimer(struct llentry *, long);
-void nd6_llinfo_settimer_locked(struct llentry *, long);
+void nd6_llinfo_settimer(struct llentry *, time_t);
+void nd6_llinfo_settimer_locked(struct llentry *, time_t);
 void nd6_timer(void *);
 void nd6_purge(struct ifnet *, struct in6_ifextra *);
 void nd6_nud_hint(struct rtentry *);

Index: src/sys/netinet6/nd6_nbr.c
diff -u src/sys/netinet6/nd6_nbr.c:1.112 src/sys/netinet6/nd6_nbr.c:1.113
--- src/sys/netinet6/nd6_nbr.c:1.112	Wed Nov 25 06:21:26 2015
+++ src/sys/netinet6/nd6_nbr.c	Mon Dec  7 06:19:13 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: nd6_nbr.c,v 1.112 2015/11/25 06:21:26 ozaki-r Exp $	*/
+/*	$NetBSD: nd6_nbr.c,v 1.113 2015/12/07 06:19:13 ozaki-r Exp $	*/
 /*	$KAME: nd6_nbr.c,v 1.61 2001/02/10 16:06:14 jinmei Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.112 2015/11/25 06:21:26 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nd6_nbr.c,v 1.113 2015/12/07 06:19:13 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -676,11 +676,11 @@ nd6_na_input(struct mbuf *m, int off, in
 			ln->ln_byhint = 0;
 			if (!ND6_LLINFO_PERMANENT(ln)) {
 				nd6_llinfo_settimer(ln,
-				    (long)ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz);
+				    ND_IFINFO(ln->lle_tbl->llt_ifp)->reachable * hz);
 			}
 		} else {
 			ln->ln_state = ND6_LLINFO_STALE;
-			nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
+			nd6_llinfo_settimer(ln, nd6_gctimer * hz);
 		}
 		if ((ln->ln_router = is_router) != 0) {
 			/*
@@ -734,7 +734,7 @@ nd6_na_input(struct mbuf *m, int off, in
 			 */
 			if (ln->ln_state == ND6_LLINFO_REACHABLE) {
 				ln->ln_state = ND6_LLINFO_STALE;
-				nd6_llinfo_settimer(ln, (long)nd6_gctimer * hz);
+				nd6_llinfo_settimer(ln, nd6_gctimer * hz);
 			}
 			goto freeit;
 		} else if (is_override				   /* (2a) */
@@ -758,13 +758,13 @@ nd6_na_input(struct mbuf *m, int off, in
 				ln->ln_byhint = 0;
 				if (!ND6_LLINFO_PERMANENT(ln)) {
 					nd6_llinfo_settimer(ln,
-					    (long)ND_IFINFO(ifp)->reachable * hz);
+					    ND_IFINFO(ifp)->reachable * hz);
 				}
 			} else {
 				if (lladdr && llchange) {
 					ln->ln_state = ND6_LLINFO_STALE;
 					nd6_llinfo_settimer(ln,
-					    (long)nd6_gctimer * hz);
+					    nd6_gctimer * hz);
 				}
 			}
 		}

CVS commit: src/sys/netinet6

Reply via email to