Date: Tue, 22 Apr 2025 02:07:49 GMT
Message-Id: <202504220207.53M27n0n077809@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: John Baldwin
Subject: git: 91489043435f - main - ipfw: Fix broken length checks on routing messages
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jhb
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 91489043435f1f98a03d1cd5138a6ce37408e92f
Auto-Submitted: auto-generated

The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=91489043435f1f98a03d1cd5138a6ce37408e92f

commit 91489043435f1f98a03d1cd5138a6ce37408e92f
Author:     John Baldwin
AuthorDate: 2025-04-21 20:53:15 +0000
Commit:     John Baldwin
CommitDate: 2025-04-22 02:00:14 +0000

    ipfw: Fix broken length checks on routing messages

    Subtracting unsigned and signed types of the same rank yields an
    unsigned value that is never less than 0. Rewrite the checks to use
    the pattern of 'if (msglen < )' instead of 'if (msglen - < 0)' to
    avoid the subtraction.

    To avoid adding lots of casts to appease -Wsign-compare, use a
    separate ssize_t variable for the return value of read(2) and
    convert msglen to size_t.

    While here, fix the first check against the size of the route
    message header which was inverted and would have rejected all valid
    messages if not for the unsigned vs signed bug causing all of the
    checks to be broken.

sbin/ipfw/ipfw2.c: In function 'ipfw_rtsock_monitor': sbin/ipfw/ipfw2.c:6088:43: error: comparison of unsigned expression in '< 0' is always false [-Werror=type-limits] 6088 | if (sizeof(*hdr) - msglen < 0) | ^ Reported by: GCC -Wtype-limits Fixes: 3c76623ad553 ("ipfw: add 'internal monitor' subcommand to capture rtsock messages.") --- sbin/ipfw/ipfw2.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index a95e7b0318da..2addc0295f0f 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -6072,7 +6072,8 @@ ipfw_rtsock_monitor(const char *filter) struct sockaddr *sa; struct sockaddr_dl *sdl; ipfwlog_rtsock_hdr_v2 *loghdr; - ssize_t msglen; + ssize_t nread; + size_t msglen; int rtsock; rtsock = socket(PF_ROUTE, SOCK_RAW, AF_IPFWLOG); @@ -6080,12 +6081,13 @@ ipfw_rtsock_monitor(const char *filter) err(EX_UNAVAILABLE, "socket(AF_IPFWLOG)"); bp_alloc(&bp, 4096); for (;;) { - msglen = read(rtsock, msg, sizeof(msg)); - if (msglen < 0) { + nread = read(rtsock, msg, sizeof(msg)); + if (nread < 0) { warn("read()"); continue; } - if (sizeof(*hdr) - msglen < 0) + msglen = nread; + if (msglen < sizeof(*hdr)) continue; hdr = (struct rt_msghdr *)msg; @@ -6098,7 +6100,7 @@ ipfw_rtsock_monitor(const char *filter) msglen -= sizeof(*hdr); sdl = (struct sockaddr_dl *)(hdr + 1); - if (msglen - sizeof(*sdl) < 0 || msglen - SA_SIZE(sdl) < 0 || + if (msglen < sizeof(*sdl) || msglen < SA_SIZE(sdl) || sdl->sdl_family != AF_IPFWLOG || sdl->sdl_type != 2 /* version */ || sdl->sdl_alen != sizeof(*loghdr)) @@ -6112,7 +6114,7 @@ ipfw_rtsock_monitor(const char *filter) continue; sa = (struct sockaddr *)((char *)sdl + SA_SIZE(sdl)); - if (msglen - SA_SIZE(sa) < 0) + if (msglen < SA_SIZE(sa)) continue; msglen -= SA_SIZE(sa); 
@@ -6131,7 +6133,7 @@ ipfw_rtsock_monitor(const char *filter) bprint_sa(&bp, sa); sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa)); - if (msglen - SA_SIZE(sa) < 0) + if (msglen < SA_SIZE(sa)) continue; msglen -= SA_SIZE(sa); @@ -6146,7 +6148,7 @@ ipfw_rtsock_monitor(const char *filter) sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa)); if ((hdr->rtm_addrs & (1 << RTAX_GENMASK)) != 0 && - msglen - SA_SIZE(sa) >= 0) { + msglen >= SA_SIZE(sa)) { msglen -= SA_SIZE(sa); bprintf(&bp, ", nh "); bprint_sa(&bp, sa);
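
Review bot: In the read-loop hunk (`nread = read(rtsock, msg, sizeof(msg));`), a return of 0 now reaches `msglen < sizeof(*hdr)` and takes the same `continue` as a failed read, so inside `for (;;)` a socket that keeps returning 0 or the same error is retried without end. Consider leaving the loop on `nread == 0` and on errors other than EINTR, and keeping `continue` only for messages that are merely too short.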
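
Review bot: In the two hunks that advance `sa` and then test `if (msglen < SA_SIZE(sa))`, SA_SIZE(sa) reads the length field of `sa` before anything has shown that msglen still covers that field, so with msglen at 0 the size is taken from bytes past the end of what read() returned. The `sdl` check in the earlier hunk tests `msglen < sizeof(*sdl)` before `msglen < SA_SIZE(sdl)`; the same ordering here, checking that msglen is at least the size of the length field before evaluating SA_SIZE(sa), would keep the read inside the message.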
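
Review bot: In the last hunk, a message that sets the RTAX_GENMASK bit in `hdr->rtm_addrs` but is too short for that address fails `msglen >= SA_SIZE(sa)` and is handled as if the bit were clear, while every other length check in this patch drops the message with `continue`. Either reject the truncated message here as well, or add a comment saying that a missing next-hop address is tolerated on purpose.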
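
The signed/unsigned subtraction and the inverted header check described in the commit message, as an added example that is not part of the commit or of ipfw. `struct demo_hdr`, the three `rejects_*` functions, `count_records` and `sample_msg` are hypothetical names, and the record layout (first byte is the record's total length) is a constructed simplification of the sockaddr walk.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed 4-byte stand-in for a message header; not FreeBSD's struct rt_msghdr. */
struct demo_hdr { uint16_t len; uint8_t version; uint8_t type; };

/* The "before" form keeps the bug, so silence the warning that reported it. */
#pragma GCC diagnostic ignored "-Wtype-limits"

/* Before: size_t - ssize_t is evaluated as unsigned, so "< 0" is never true. */
int rejects_before(ssize_t msglen) { return sizeof(struct demo_hdr) - msglen < 0; }

/* Same expression in signed arithmetic: inverted, it rejects long (valid) messages. */
int rejects_if_signed(ssize_t msglen) { return (ssize_t)sizeof(struct demo_hdr) - msglen < 0; }

/* After: compare the remaining length with the needed size, no subtraction. */
int rejects_after(size_t msglen) { return msglen < sizeof(struct demo_hdr); }

/* Constructed message: header, then records whose first byte is their total length. */
static const unsigned char sample_msg[] = { 9, 0, 1, 1, 3, 0xAA, 0xBB, 2, 0xCC };

/* Walk the records with the "remaining < need" pattern; -1 means truncated or malformed. */
int count_records(const unsigned char *buf, size_t msglen)
{
    int n = 0;

    if (msglen < sizeof(struct demo_hdr))
        return -1;
    buf += sizeof(struct demo_hdr);
    msglen -= sizeof(struct demo_hdr);      /* cannot wrap: checked just above */
    for (; msglen > 0; n++) {
        size_t need = buf[0];               /* length byte is inside the data: msglen >= 1 */
        if (need == 0 || msglen < need)     /* zero length is rejected so the loop advances */
            return -1;
        buf += need;
        msglen -= need;                     /* cannot wrap: msglen >= need */
    }
    return n;
}

int main(void)
{
    printf("before=%d signed=%d after=%d records=%d\n", rejects_before(2),
        rejects_if_signed(64), rejects_after(2),
        count_records(sample_msg, sizeof(sample_msg)));
    return 0;
}
```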