ports/57452: Fix port: security/pf
Max Laier
max at love2party.net
Wed Oct 1 13:10:19 UTC 2003
>Number: 57452
>Category: ports
>Synopsis: Fix port: security/pf
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 01 06:10:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Max Laier
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
>Environment:
System: FreeBSD router.laiers.local 5.1-RELEASE FreeBSD 5.1-RELEASE #1: Tue Aug 5 13:21:55 CEST 2003 mlaier at router.laiers.local:/usr/local/pfsys/freebsd/src/sys/i386/compile/SMP i386
>Description:
Invalid use of atomic_set_int leads to wrong semantics. This can
make pf dysfunctional when it is enabled and disabled quickly.
>How-To-Repeat:
#pfctl -e -f /etc/pf.conf;pfctl -d; pfctl -e
After that, pf does not work anymore.
>Fix:
Replace existing patch-ac (against pf/pf_ioctl.c) with this:
--- patch-ac begins here ---
--- pf/pf_ioctl.c.orig Wed Sep 24 13:47:55 2003
+++ pf/pf_ioctl.c Wed Oct 1 13:54:05 2003
@@ -201,7 +201,7 @@
/* psize */ nopsize,
/* flags */ 0,
/* kqfilter */ nokqfilter,
-#else
+#elif (__FreeBSD_version < 501110)
.d_open = pfopen,
.d_close = pfclose,
.d_read = noread,
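Review bot: The new `#elif (__FreeBSD_version < 501110)` cutoff is unexplained and differs from the 501108 threshold used further down in this file (`#endif /* __FreeBSD_version >= 501108 */`). A short comment stating what changed in the device switch structure at 501110 would make it clear why this initializer needs its own boundary.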
@@ -215,6 +215,12 @@
.d_dump = nodump,
.d_flags = 0,
.d_kqfilter = nokqfilter,
+#else
+ .d_open = pfopen,
+ .d_close = pfclose,
+ .d_ioctl = pfioctl,
+ .d_name = PF_NAME,
+ .d_flags = 0,
#endif
};
#endif /* __FreeBSD__ */
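Review bot: The added `#else` branch initializes only `.d_open`, `.d_close`, `.d_ioctl`, `.d_name` and `.d_flags`, while the branch above it also sets entries such as `.d_dump = nodump` and `.d_kqfilter = nokqfilter`. If the omitted members are meant to fall back to kernel defaults on 501110 and later, say so in a comment, and annotate the bare `#endif` with its condition now that the block has three arms.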
@@ -3249,7 +3255,7 @@
#endif
#endif /* __FreeBSD_version >= 501108 */
- atomic_set_int(&pf_pfil_hooked, 1);
+ pf_pfil_hooked = 1;
return (0);
}
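Review bot: Replacing `atomic_set_int(&pf_pfil_hooked, 1)` with a plain `pf_pfil_hooked = 1` removes the atomic operation entirely, and nothing in this hunk shows a lock held around the store. atomic_set_int ORs its mask into the target, so the original call with 1 did set the flag. If the flag is read on other CPUs, consider keeping that call or using `atomic_store_rel_int(&pf_pfil_hooked, 1)`, or add a comment naming the lock that protects the variable.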
@@ -3298,7 +3304,7 @@
#endif
#endif /* __FreeBSD_version >= 501108 */
- atomic_set_int(&pf_pfil_hooked, 0);
+ pf_pfil_hooked = 0;
return (0);
}
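Review bot: The plain store `pf_pfil_hooked = 0` clears the flag but is no longer an atomic update; `atomic_clear_int(&pf_pfil_hooked, 1)` would clear the bit and keep the operation atomic. The removed `atomic_set_int(&pf_pfil_hooked, 0)` ORs in a zero mask and so never cleared the flag, which is worth recording in a comment so the set/set pairing is not reintroduced.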
--- patch-ac ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: