From nobody Fri Jan 13 10:46:08 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NtdPX5BWrz2p5tp; Fri, 13 Jan 2023 10:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NtdPX4hz8z3qsp; Fri, 13 Jan 2023 10:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1673606768; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=54hsfJeSwf4w7ezS7EyppUIs6Wt78h41gdyf0HzQLPE=; b=iPA4ftMmVohksE9E0k5OYtE5oAKYSPGyi2WVpmM0K6GZj0B54DRhvbQWtM8w0N7ecG3puP Z4hycdmjSBFi8srdfb3UFGcEUJCj+YHhE9WfOll7ow7n0Is/No+KTwwoph8hrl9DZSlANp hkg99tyS4pAP0o4efKZ4djVJ1f5rVJN1h+WIMRKhFE8pJmsGBe20A5YW9ocLCjzpxXS308 zH5rezd69wwdY/fUP1wGAhO7PRR38LO9OYMwwsfMb0WneO4ycWLLRn+P9a1c/rGhpU0m/Z kIKXejzRD9YBxuthgN52gn5ryYra5nXFDSPjux0tOQMgqZug6ZlaPUdKrkN6tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1673606768; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=54hsfJeSwf4w7ezS7EyppUIs6Wt78h41gdyf0HzQLPE=; b=qBbRovGgC209wKphKuCzurmctY6SXYc/4tbwDQiQI21D+UJ2HO3ZUc08eGK/lvhBITONwt BfiAosxniL7Uj2CVEERp2skPgSq/t2cmvm9t+WrRS/fBGQN1NxR1WkoLk7djSl6DjiyRdQ 7ZsZyaTrSwOS4cPpCMuAMyeX1DouPak27SlwKR/dF6EAksoyhilvXn5w4UiZPPApCk/aCd H4x9Of2fBTeqLlfrm2NKyM5NTW/lHEu9xRyvqBm4l7wQ5bbZ4QD1Vogpc7NZaHYqnOWPkY ZN/5nGvbP9vdHm33HomdydOPxX6r2RQeHUBzN7Cf+hyIPZ6sXmhF8Y0S8Oje8Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1673606768; a=rsa-sha256; cv=none; b=wyP82yK/6nn4DcvqjpXU3BvNoKE855ir2Rxjxt69QtuIEE5EyfvlKD6cuqIs4bSrVyGDTN Vk1n31KQKvYv6ud59utmQCww4mNgYUtDvp6wHPbPjEjMc5vQKxftTLxKBkaEirQO1ejKpO E2u/AP0gL9m1I5E9uW+hFk1ZR0gG7Pp2DYiBvwRWFbTj221WfzRImYk9uzBPSmT4iXZJhK hGrTDGpjlcFWJAByvMuwR9UtUKHl7zehqLSSnOdE6qYLd+KbbbsLr1BckSTs41l+ijhMRV KHjz6BS82QkUOJymAQHpdTVlUSjtCKCQR0fo6tZ0CjTvtJEnBrg4xbBea1xP8w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NtdPX3YFQz14YS; Fri, 13 Jan 2023 10:46:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 30DAk8Rq024351; Fri, 13 Jan 2023 10:46:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 30DAk8VV024350; Fri, 13 Jan 2023 10:46:08 GMT (envelope-from git) Date: Fri, 13 Jan 2023 10:46:08 GMT Message-Id: <202301131046.30DAk8VV024350@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Zhenlei Huang Subject: git: ddbf879d79d4 - main - jail: Correctly access IPv[46] addresses of prison_ip List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: zlei X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ddbf879d79d45bb3f493853d4b8ff30bce8f2da3 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=ddbf879d79d45bb3f493853d4b8ff30bce8f2da3 commit ddbf879d79d45bb3f493853d4b8ff30bce8f2da3 Author: Zhenlei Huang AuthorDate: 2023-01-13 09:50:01 +0000 Commit: Zhenlei Huang CommitDate: 2023-01-13 10:45:14 +0000 jail: Correctly access IPv[46] addresses of prison_ip * Fix wrong IPv[46] addresses inherited from parent jail * Properly restrict the child jail's IPv[46] addresses Reviewed by: melifaro, glebius Approved by: kp (mentor) Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists Differential Revision: https://reviews.freebsd.org/D37871 Differential Revision: https://reviews.freebsd.org/D37872 --- sys/kern/kern_jail.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index c715dbf25977..c8ae362c652c 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -654,7 +654,7 @@ prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af) if (ppr->pr_addrs[af] != NULL) { pr->pr_addrs[af] = prison_ip_alloc(af, ppr->pr_addrs[af]->ips, M_WAITOK); - bcopy(ppr->pr_addrs[af], pr->pr_addrs[af], + bcopy(ppr->pr_addrs[af] + 1, pr->pr_addrs[af] + 1, pr->pr_addrs[af]->ips * pr_families[af].size); } } @@ -814,7 +814,7 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af, alloced = false; if (!(pr->pr_flags & pr_families[af].ip_flag)) { /* This has no user settings, so just copy the parent's list. */ - bcopy(ppip, new, ips * size); + bcopy(ppip + 1, new + 1, ips * size); } else { /* Remove addresses that aren't in the parent. */ int i; @@ -846,7 +846,7 @@ prison_ip_restrict(struct prison *pr, const pr_family_t af, i++; break; case 0: - bcopy(PR_IP(pr, i), PR_IPD(new, ips), size); + bcopy(PR_IP(pip, i), PR_IPD(new, ips), size); i++; pi++; ips++;