Module Name: src
Committed By: snj
Date: Fri Aug 25 05:31:36 UTC 2017
Modified Files:
src/sys/external/bsd/ipf/netinet [netbsd-7-0]: fil.c ip_frag.c
ip_state.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #1412):
sys/external/bsd/ipf/netinet/fil.c: revision 1.20
sys/external/bsd/ipf/netinet/ip_frag.c: revision 1.5
sys/external/bsd/ipf/netinet/ip_state.c: revision 1.7
Disconnect maintaining fragment state from keeping session state. The user
now must specify keep frags along with keep state to have ipfilter do what
it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
--
Free the right fragment (Cy Schubert @ FreeBSD). Freeing the wrong one causes
use-after-free issues and eventually a panic.
To generate a diff of this commit:
cvs rdiff -u -r1.15.2.1 -r1.15.2.1.2.1 src/sys/external/bsd/ipf/netinet/fil.c
cvs rdiff -u -r1.3 -r1.3.18.1 src/sys/external/bsd/ipf/netinet/ip_frag.c
cvs rdiff -u -r1.6 -r1.6.8.1 src/sys/external/bsd/ipf/netinet/ip_state.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/fil.c
diff -u src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.1 src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.1.2.1
--- src/sys/external/bsd/ipf/netinet/fil.c:1.15.2.1 Fri Apr 10 20:26:46 2015
+++ src/sys/external/bsd/ipf/netinet/fil.c Fri Aug 25 05:31:36 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $ */
+/* $NetBSD: fil.c,v 1.15.2.1.2.1 2017/08/25 05:31:36 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -138,7 +138,7 @@ extern struct timeout ipf_slowtimer_ch;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1 2015/04/10 20:26:46 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: fil.c,v 1.15.2.1.2.1 2017/08/25 05:31:36 snj Exp $");
#else
static const char sccsid[] = "@(#)fil.c 1.36 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: fil.c,v 1.1.1.2 2012/07/22 13:45:07 darrenr Exp $";
@@ -2689,7 +2689,7 @@ ipf_firewall(fr_info_t *fin, u_32_t *pas
* If the rule has "keep frag" and the packet is actually a fragment,
* then create a fragment state entry.
*/
- if ((pass & (FR_KEEPFRAG|FR_KEEPSTATE)) == FR_KEEPFRAG) {
+ if (pass & FR_KEEPFRAG) {
if (fin->fin_flx & FI_FRAG) {
if (ipf_frag_new(softc, fin, pass) == -1) {
LBUMP(ipf_stats[out].fr_bnfr);
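Review bot: A rule with `keep state` alone no longer creates a fragment cache entry after this change to the test in ipf_firewall(), so rulesets that relied on the old implicit behaviour will presumably stop matching later fragments through the cache. The comment above the test is accurate, but it does not tell a maintainer that the `FR_KEEPSTATE` exclusion was removed on purpose. I would add a line to it such as `* "keep state" alone does not imply fragment tracking; the rule must also say "keep frags".` The `if` body continues past the end of the hunk, so the handling after `LBUMP(ipf_stats[out].fr_bnfr)` cannot be reviewed from here.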
Index: src/sys/external/bsd/ipf/netinet/ip_frag.c
diff -u src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3 src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3.18.1
--- src/sys/external/bsd/ipf/netinet/ip_frag.c:1.3 Sun Jul 22 14:27:51 2012
+++ src/sys/external/bsd/ipf/netinet/ip_frag.c Fri Aug 25 05:31:36 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $ */
+/* $NetBSD: ip_frag.c,v 1.3.18.1 2017/08/25 05:31:36 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -87,7 +87,7 @@ struct file;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3 2012/07/22 14:27:51 darrenr Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_frag.c,v 1.3.18.1 2017/08/25 05:31:36 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_frag.c 1.11 3/24/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_frag.c,v 1.1.1.2 2012/07/22 13:45:17 darrenr Exp";
@@ -468,7 +468,7 @@ ipfr_frag_new(
IPFR_CMPSZ)) {
RWLOCK_EXIT(lock);
FBUMPD(ifs_exists);
- KFREE(fra);
+ KFREE(fran);
return NULL;
}
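Review bot: `fra` and `fran` differ by one character, which is likely how the duplicate-entry path in ipfr_frag_new() came to free the wrong object, so the corrected `KFREE(fran)` line deserves a comment to stop it regressing. In the lines shown, `fra` is the entry that compared equal under `IPFR_CMPSZ`, so it is presumably still linked in the table, and freeing it left a dangling pointer for later lookups. I would add `/* fra is the existing entry and stays in the table; only our unused allocation is released */` above the `KFREE`, and consider renaming `fran` to something more distinct, such as `newfrag`, in a follow-up. The allocation of `fran` and the rest of the function lie outside the hunk, so confirm that it cannot be NULL or already linked at this point.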
Index: src/sys/external/bsd/ipf/netinet/ip_state.c
diff -u src/sys/external/bsd/ipf/netinet/ip_state.c:1.6 src/sys/external/bsd/ipf/netinet/ip_state.c:1.6.8.1
--- src/sys/external/bsd/ipf/netinet/ip_state.c:1.6 Sat Sep 14 12:16:11 2013
+++ src/sys/external/bsd/ipf/netinet/ip_state.c Fri Aug 25 05:31:36 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $ */
+/* $NetBSD: ip_state.c,v 1.6.8.1 2017/08/25 05:31:36 snj Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -100,7 +100,7 @@ struct file;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6 2013/09/14 12:16:11 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_state.c,v 1.6.8.1 2017/08/25 05:31:36 snj Exp $");
#else
static const char sccsid[] = "@(#)ip_state.c 1.8 6/5/96 (C) 1993-2000 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_state.c,v 1.1.1.2 2012/07/22 13:45:37 darrenr Exp";
@@ -3341,7 +3341,8 @@ ipf_state_check(fr_info_t *fin, u_32_t *
* If this packet is a fragment and the rule says to track fragments,
* then create a new fragment cache entry.
*/
- if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass))
+ if (fin->fin_flx & FI_FRAG && FR_ISPASS(is->is_pass) &&
+ is->is_pass & FR_KEEPFRAG)
(void) ipf_frag_new(softc, fin, is->is_pass);
/*
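Review bot: The rewritten condition in ipf_state_check() drops the parentheses around the bit tests, so `&` and `&&` are mixed bare in one expression. It evaluates as intended because `&` binds tighter, but the removed line parenthesised its test and the new one should too: `if ((fin->fin_flx & FI_FRAG) && FR_ISPASS(is->is_pass) &&` followed by `(is->is_pass & FR_KEEPFRAG))`. Separately, the result of ipf_frag_new() is still discarded with `(void)`, whereas the ipf_firewall() hunk in fil.c counts a `-1` return in `fr_bnfr`. A failed fragment-cache insert on this path is therefore invisible in the statistics. The surrounding function starts and ends outside the hunk.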