Date: Mon, 3 Mar 2025 16:08:29 GMT
Message-Id: <202503031608.523G8Tdf090683@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost Subject: git: a373ea07650b - main - pf: fix pf_map_addr() not to cause dividing by 0 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a373ea07650b13f4d398d1341c932082bdb05d3a Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=a373ea07650b13f4d398d1341c932082bdb05d3a commit a373ea07650b13f4d398d1341c932082bdb05d3a Author: Kristof Provost AuthorDate: 2025-02-28 14:58:15 +0000 Commit: Kristof Provost CommitDate: 2025-03-03 16:07:16 +0000 pf: fix pf_map_addr() not to cause dividing by 0 This fixes problem when using table or dynamic interface addresses for source-hash. Also avoid calling arc4random_uniform() with upper_bound == 0. ok mikeb Obtained from: OpenBSD, yasuoka , c30ec822b8 Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_lb.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf_lb.c b/sys/netpfil/pf/pf_lb.c index cb1d7af258f3..ea9fbc46af63 100644 --- a/sys/netpfil/pf/pf_lb.c +++ b/sys/netpfil/pf/pf_lb.c @@ -518,7 +518,10 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, case PF_POOL_RANDOM: if (rpool->cur->addr.type == PF_ADDR_TABLE) { cnt = rpool->cur->addr.p.tbl->pfrkt_cnt; - rpool->tblidx = (int)arc4random_uniform(cnt); + if (cnt == 0) + rpool->tblidx = 0; + else + rpool->tblidx = (int)arc4random_uniform(cnt); memset(&rpool->counter, 0, sizeof(rpool->counter)); if (pfr_pool_get(rpool->cur->addr.p.tbl, &rpool->tblidx, &rpool->counter, af, NULL)) { 
@@ -528,7 +531,10 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, PF_ACPY(naddr, &rpool->counter, af); } else if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) { cnt = rpool->cur->addr.p.dyn->pfid_kt->pfrkt_cnt; - rpool->tblidx = (int)arc4random_uniform(cnt); + if (cnt == 0) + rpool->tblidx = 0; + else + rpool->tblidx = (int)arc4random_uniform(cnt); memset(&rpool->counter, 0, sizeof(rpool->counter)); if (pfr_pool_get(rpool->cur->addr.p.dyn->pfid_kt, &rpool->tblidx, &rpool->counter, af, @@ -583,7 +589,10 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, pf_hash(saddr, (struct pf_addr *)&hash, &rpool->key, af); if (rpool->cur->addr.type == PF_ADDR_TABLE) { cnt = rpool->cur->addr.p.tbl->pfrkt_cnt; - rpool->tblidx = (int)(hashidx % cnt); + if (cnt == 0) + rpool->tblidx = 0; + else + rpool->tblidx = (int)(hashidx % cnt); memset(&rpool->counter, 0, sizeof(rpool->counter)); if (pfr_pool_get(rpool->cur->addr.p.tbl, &rpool->tblidx, &rpool->counter, af, NULL)) { @@ -593,7 +602,10 @@ pf_map_addr(sa_family_t af, struct pf_krule *r, struct pf_addr *saddr, PF_ACPY(naddr, &rpool->counter, af); } else if (rpool->cur->addr.type == PF_ADDR_DYNIFTL) { cnt = rpool->cur->addr.p.dyn->pfid_kt->pfrkt_cnt; - rpool->tblidx = (int)(hashidx % cnt); + if (cnt == 0) + rpool->tblidx = 0; + else + rpool->tblidx = (int)(hashidx % cnt); memset(&rpool->counter, 0, sizeof(rpool->counter)); if (pfr_pool_get(rpool->cur->addr.p.dyn->pfid_kt, &rpool->tblidx, &rpool->counter, af,
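Review bot: in the PF_POOL_RANDOM / PF_ADDR_TABLE branch (hunk at -518), the cnt == 0 path sets rpool->tblidx = 0 and then still falls through to pfr_pool_get() on a table that reports no entries, so the outcome depends on pfr_pool_get() returning non-zero for an empty table and on the existing if (pfr_pool_get(...)) error path handling it. A short comment stating that dependency, or an explicit early exit when cnt == 0, would make the intended behaviour visible at the call site instead of implied.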
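Review bot: the guard added in the PF_POOL_RANDOM / PF_ADDR_DYNIFTL branch (hunk at -528) is a line-for-line copy of the one in the PF_ADDR_TABLE branch before it, and the same if (cnt == 0) ... else shape appears again in both source-hash hunks. Folding it into one expression per case, for example cnt ? (int)arc4random_uniform(cnt) : 0, or into a small static helper, would keep the four sites from drifting apart and make it harder to add another address type without the zero check.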
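Review bot: the hashidx % cnt sites in the source-hash hunks (at -583 for PF_ADDR_TABLE, and likewise at -593 for PF_ADDR_DYNIFTL) are the division by zero the subject line refers to, yet the diffstat shows only sys/netpfil/pf/pf_lb.c changed. A regression test that loads a source-hash pool backed by an empty table, and one backed by a dynamic interface with no addresses, then passes traffic through the rule, would pin down both the absence of the fault and what the rule does with the packet when no address can be selected.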