svn commit: r293159 - in head/sys: net netinet netinet6
Oliver Pinter
oliver.pinter at hardenedbsd.org
Fri Jan 8 23:38:35 UTC 2016
On 1/4/16, Alexander V. Chernikov <melifaro at freebsd.org> wrote:
> Author: melifaro
> Date: Mon Jan 4 15:03:20 2016
> New Revision: 293159
> URL: https://svnweb.freebsd.org/changeset/base/293159
>
> Log:
> Add rib_lookup_info() to provide API for retrieving individual route
> entries data in unified format.
>
> There are control plane functions that require information other than
> just next-hop data (e.g. individual rtentry fields like flags or
> prefix/mask). Given that the goal is to avoid rte
> reference/refcounting,
> re-use rt_addrinfo structure to store most rte fields. If caller wants
> to retrieve key/mask or gateway (which are sockaddrs and are allocated
> separately), it needs to provide sufficient-sized sockaddrs structures
> w/ ther pointers saved in passed rt_addrinfo.
>
> Convert:
> * lltable new records checks (in_lltable_rtcheck(),
> nd6_is_new_addr_neighbor().
> * rtsock pre-add/change route check.
> * IPv6 NS ND-proxy check (RADIX_MPATH code was eliminated because
> 1) we don't support RTF_ANNOUNCE ND-proxy for networks and there
> should
> not be multiple host routes for such hosts 2) if we have multiple
> routes we should inspect them (which is not done). 3) the entire
> idea
> of abusing KRT as storage for ND proxy seems odd. Userland
> programs
> should be used for that purpose).
>
> Modified:
> head/sys/net/route.c
> head/sys/net/route.h
> head/sys/net/rtsock.c
> head/sys/netinet/in.c
> head/sys/netinet6/nd6.c
> head/sys/netinet6/nd6_nbr.c
>
> Modified: head/sys/net/route.c
> ==============================================================================
> --- head/sys/net/route.c Mon Jan 4 09:58:16 2016 (r293158)
> +++ head/sys/net/route.c Mon Jan 4 15:03:20 2016 (r293159)
> @@ -147,6 +147,8 @@ static void rt_notifydelete(struct rtent
> static struct radix_node *rt_mpath_unlink(struct radix_node_head *rnh,
> struct rt_addrinfo *info, struct rtentry *rto, int *perror);
> #endif
> +static int rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info,
> + int flags);
>
> struct if_mtuinfo
> {
> @@ -832,6 +834,147 @@ rtrequest_fib(int req,
>
>
> /*
> + * Copy most of @rt data into @info.
> + *
> + * If @flags contains NHR_COPY, copies dst,netmask and gw to the
> + * pointers specified by @info structure. Assume such pointers
> + * are zeroed sockaddr-like structures with sa_len field initialized
> + * to reflect size of the provided buffer. if no NHR_COPY is specified,
> + * point dst,netmask and gw @info fields to appropriate @rt values.
> + *
> + * if @flags contains NHR_REF, do refcouting on rt_ifp.
> + *
> + * Returns 0 on success.
> + */
> +int
> +rt_exportinfo(struct rtentry *rt, struct rt_addrinfo *info, int flags)
> +{
> + struct rt_metrics *rmx;
> + struct sockaddr *src, *dst;
> + int sa_len;
> +
> + if (flags & NHR_COPY) {
> + /* Copy destination if dst is non-zero */
> + src = rt_key(rt);
> + dst = info->rti_info[RTAX_DST];
> + sa_len = src->sa_len;
** CID 1347797: Null pointer dereferences (REVERSE_INULL)
/sys/net/route.c: 861 in rt_exportinfo()
________________________________________________________________________________________________________
*** CID 1347797: Null pointer dereferences (REVERSE_INULL)
/sys/net/route.c: 861 in rt_exportinfo()
855
856 if (flags & NHR_COPY) {
857 /* Copy destination if dst is non-zero */
858 src = rt_key(rt);
859 dst = info->rti_info[RTAX_DST];
860 sa_len = src->sa_len;
>>> CID 1347797: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "src" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
861 if (src != NULL && dst != NULL) {
862 if (src->sa_len > dst->sa_len)
863 return (ENOMEM);
864 memcpy(dst, src, src->sa_len);
865 info->rti_addrs |= RTA_DST;
866 }
> + if (src != NULL && dst != NULL) {
> + if (src->sa_len > dst->sa_len)
> + return (ENOMEM);
> + memcpy(dst, src, src->sa_len);
> + info->rti_addrs |= RTA_DST;
> + }
> +
> + /* Copy mask if set && dst is non-zero */
[...]
> _______________________________________________
> svn-src-head at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/svn-src-head
> To unsubscribe, send any mail to "svn-src-head-unsubscribe at freebsd.org"
>
More information about the svn-src-head
mailing list