kern/81128: incorrect handling of an empty pfil list in pfil_run_hooks()

Joost Bekkers joost at jodocus.org
Mon May 16 19:10:04 GMT 2005


>Number:         81128
>Category:       kern
>Synopsis:       incorrect handling of an empty pfil list in pfil_run_hooks()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 16 19:10:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Joost Bekkers
>Release:        FreeBSD 5.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD bps.jodocus.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Tue May 10 13:46:16 CEST 2005 joost at bps.jodocus.org:/usr/obj/usr/src/sys/bps i386


>Description:

pfil_run_hooks() in sys/net/pfil.c currently contains:

========================
if (ph->ph_busy_count == -1 || ph->ph_want_write) {
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}
========================

'ph_busy_count == -1' means there are no hooks in either the in or out list,
which means the packet should be passed, not dropped as is now the case.

The problem currently doesn't surface because everywhere pfil_run_hooks() is
called, the call is preceded by a check for 'ph_busy_count == -1'. If true
the call is skipped.

>How-To-Repeat:
>Fix:

Split the if into two parts:

if (ph->ph_busy_count == -1)	/* no hooks registered: pass the packet */
	return (0);
if (ph->ph_want_write) {	/* a writer is waiting for the lists: drop */
	m_freem(*mp);
	*mp = NULL;
	return (ENOBUFS);
}
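To make the difference concrete, here is a small user-space model of the check before and after the proposed split (an added illustration, not the PR's or FreeBSD's code): struct mbuf, the hook list and struct pfil_head are simplified stand-ins, run_hooks_buggy and run_hooks_fixed mirror the two versions of the if above, and pass_hook and probe are helpers assumed only for this example.

```c
#include <errno.h>
#include <stdlib.h>
struct mbuf { int len; };	/* stand-in for the kernel mbuf */
/* A hook returns 0 to pass; the real API also lets it consume or replace *mp. */
typedef int (*pfil_func_t)(struct mbuf **mp, int dir);
struct packet_filter_hook { pfil_func_t pfil_func; struct packet_filter_hook *next; };
/* ph_busy_count == -1 means no hooks on either list; ph_want_write means a writer waits. */
struct pfil_head { struct packet_filter_hook *ph_in, *ph_out; int ph_busy_count, ph_want_write; };
#define PFIL_IN 1

static int run_list(struct packet_filter_hook *h, struct mbuf **mp, int dir)
{
	for (; h != NULL; h = h->next) {
		int rv = h->pfil_func(mp, dir);
		if (rv != 0 || *mp == NULL)	/* hook dropped or took the packet */
			return (rv);
	}
	return (0);
}

/* Behaviour reported in the PR: an empty hook list drops the packet. */
int run_hooks_buggy(struct pfil_head *ph, struct mbuf **mp, int dir)
{
	if (ph->ph_busy_count == -1 || ph->ph_want_write) {
		free(*mp); *mp = NULL;
		return (ENOBUFS);
	}
	return (run_list(dir == PFIL_IN ? ph->ph_in : ph->ph_out, mp, dir));
}

/* Proposed fix: no hooks means pass; only the pending-writer case drops. */
int run_hooks_fixed(struct pfil_head *ph, struct mbuf **mp, int dir)
{
	if (ph->ph_busy_count == -1)
		return (0);
	if (ph->ph_want_write) {
		free(*mp); *mp = NULL;
		return (ENOBUFS);
	}
	return (run_list(dir == PFIL_IN ? ph->ph_in : ph->ph_out, mp, dir));
}

int pass_hook(struct mbuf **mp, int dir) { (void)mp; (void)dir; return (0); }
/* Run fn once on a fresh packet (one hook f, or none): fn's result, or -1 if the packet was freed. */
int probe(int (*fn)(struct pfil_head *, struct mbuf **, int), int busy, int ww, pfil_func_t f)
{
	struct packet_filter_hook h = { f, NULL }; struct pfil_head ph = { f ? &h : NULL, NULL, busy, ww };
	struct mbuf *m = malloc(sizeof(*m));
	int rv = fn(&ph, &m, PFIL_IN);
	if (m == NULL) return (-1);
	free(m); return (rv);
}
```

probe(run_hooks_buggy, -1, 0, NULL) reports the packet freed, while probe(run_hooks_fixed, -1, 0, NULL) returns 0 with the packet intact; with a pending writer both versions still return ENOBUFS.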

>Release-Note:
>Audit-Trail:
>Unformatted: