Author: ae
Date: Tue Dec 17 10:26:44 2019
New Revision: 355851
URL: https://svnweb.freebsd.org/changeset/base/355851
Log:
MFC r355581:
Avoid access to stale ip pointer and call UPDATE_POINTERS() after
PULLUP_LEN_LOCKED().
PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related
pointers that can be used in next opcodes.
Reported by: Maxime Villard <max at m00nbsd net>
NOTE: this commit also adds UPDATE_POINTERS() stub macro, that originally
is part of r345166 commit that was not merged.
Modified:
stable/11/sys/netpfil/ipfw/ip_fw2.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c
==============================================================================
--- stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:23:08 2019
(r355850)
+++ stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:26:44 2019
(r355851)
@@ -1441,7 +1441,15 @@ do {
\
#define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, )
#define PULLUP_LEN_LOCKED(_len, p, T) \
- _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain));
+ _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \
+ UPDATE_POINTERS()
+/*
+ * In case pointers got stale after pullups, update them.
+ */
+#define UPDATE_POINTERS() \
+do { \
+ ip = mtod(m, struct ip *); \
+} while (0)
/*
* if we have an ether header,
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
