Date: Sat, 24 Feb 2024 18:48:49 GMT
Message-Id: <202402241848.41OImnfk049128@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: be2c6fba9d83 - stable/14 - pfsync: Fix offset calculation
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=be2c6fba9d8314f9f8f4d4acc1c35e7a6a84b080

commit be2c6fba9d8314f9f8f4d4acc1c35e7a6a84b080
Author:     Kajetan Staszkiewicz
AuthorDate: 2024-02-13 19:41:14 +0000
Commit:     Kristof Provost
CommitDate: 2024-02-24 18:47:13 +0000

    pfsync: Fix offset calculation

    Even though the message version is automatically recognized and the top
    of the struct is identical for different versions, when iterating over
    multiple messages the proper message length must be used. That's the
    length of a union member for the given version, not of the union itself.

    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D43862

    (cherry picked from commit 50edc630719827b6c58dd515328997fd196b1d78)
---
 sys/netpfil/pf/if_pfsync.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index 75c361b394e0..41eab7be515d 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c
@@ -1002,15 +1002,17 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) { struct mbuf *mp; union pfsync_state_union *sa, *sp; - int i, offp, len, msg_version; + int i, offp, total_len, msg_version, msg_len; switch (action) { case PFSYNC_ACT_INS_1301: - len = sizeof(struct pfsync_state_1301) * count; + msg_len = sizeof(struct pfsync_state_1301); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1301; break; case PFSYNC_ACT_INS_1400: - len = sizeof(struct pfsync_state_1400) * count; + msg_len = sizeof(struct pfsync_state_1400); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1400; break; default: @@ -1018,7 +1020,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) return (-1); } - mp = m_pulldown(m, offset, len, &offp); + mp = m_pulldown(m, offset, total_len, &offp); if (mp == NULL) { V_pfsyncstats.pfsyncs_badlen++; return (-1); @@ -1026,7 +1028,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) sa = (union pfsync_state_union *)(mp->m_data + offp); for (i = 0; i < count; i++) { - sp = &sa[i]; + sp = (union pfsync_state_union *)((char *)sa + msg_len * i); /* Check for invalid values. */ if (sp->pfs_1301.timeout >= PFTM_MAX || @@ -1046,7 +1048,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) break; } - return (len); + return (total_len); } static int 
@@ -1127,15 +1129,17 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) union pfsync_state_union *sa, *sp; struct pf_kstate *st; struct mbuf *mp; - int sync, offp, i, len, msg_version; + int sync, offp, i, total_len, msg_len, msg_version; switch (action) { case PFSYNC_ACT_UPD_1301: - len = sizeof(struct pfsync_state_1301) * count; + msg_len = sizeof(struct pfsync_state_1301); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1301; break; case PFSYNC_ACT_UPD_1400: - len = sizeof(struct pfsync_state_1400) * count; + msg_len = sizeof(struct pfsync_state_1400); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1400; break; default: @@ -1143,7 +1147,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) return (-1); } - mp = m_pulldown(m, offset, len, &offp); + mp = m_pulldown(m, offset, total_len, &offp); if (mp == NULL) { V_pfsyncstats.pfsyncs_badlen++; return (-1); @@ -1151,7 +1155,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) sa = (union pfsync_state_union *)(mp->m_data + offp); for (i = 0; i < count; i++) { - sp = &sa[i]; + sp = (union pfsync_state_union *)((char *)sa + msg_len * i); /* check for invalid values */ if (sp->pfs_1301.timeout >= PFTM_MAX || @@ -1214,7 +1218,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) PF_STATE_UNLOCK(st); } - return (len); + return (total_len); } static int
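Review bot: In pfsync_in_ins, `total_len = msg_len * count;` is an `int` multiplication on the `count` argument, and nothing in the visible lines bounds `count` before the product is passed to m_pulldown() and `msg_len * i` is used to step through the buffer. If the caller already limits count against the remaining packet length, a short comment saying so would make that dependency visible; if it does not, rejecting a negative or oversized count before the multiplication (counting it as pfsyncs_badlen like the m_pulldown() failure) would keep the function safe on its own.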
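Review bot: In pfsync_in_upd, `sp = (union pfsync_state_union *)((char *)sa + msg_len * i);` still types each message as the full union, while the point of the fix is that a message can be shorter than the union, so any access through sp outside the member for msg_version could reach past the total_len bytes that m_pulldown() made contiguous. A comment at the cast stating that only the matching member may be dereferenced would document this, and since the validity check reads `sp->pfs_1301.timeout` for both versions, a compile-time assertion that the checked fields sit at the same offsets in pfsync_state_1301 and pfsync_state_1400 would enforce the "top of the struct is identical" assumption from the commit message. The same pointer expression appears in pfsync_in_ins, so a small shared helper taking sa, msg_len and i would keep the two loops from drifting apart.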