Author: ae Date: Tue Dec 17 10:26:44 2019 New Revision: 355851 URL: https://svnweb.freebsd.org/changeset/base/355851
Log: MFC r355581: Avoid access to stale ip pointer and call UPDATE_POINTERS() after PULLUP_LEN_LOCKED(). PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related pointers that can be used in next opcodes. Reported by: Maxime Villard <max at m00nbsd net> NOTE: this commit also adds UPDATE_POINTERS() stub macro, that originally is part of r345166 commit that was not merged. Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:23:08 2019 (r355850) +++ stable/11/sys/netpfil/ipfw/ip_fw2.c Tue Dec 17 10:26:44 2019 (r355851) @@ -1441,7 +1441,15 @@ do { \ #define PULLUP_LEN(_len, p, T) _PULLUP_LOCKED(_len, p, T, ) #define PULLUP_LEN_LOCKED(_len, p, T) \ - _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); + _PULLUP_LOCKED(_len, p, T, IPFW_PF_RUNLOCK(chain)); \ + UPDATE_POINTERS() +/* + * In case pointers got stale after pullups, update them. + */ +#define UPDATE_POINTERS() \ +do { \ + ip = mtod(m, struct ip *); \ +} while (0) /* * if we have an ether header, _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"