svn commit: r309933 - head/usr.sbin/syslogd
Hiroki Sato
hrs at FreeBSD.org
Tue Dec 13 20:58:26 UTC 2016
Conrad Meyer <cem at freebsd.org> wrote
in <CAG6CVpV=nshki9k8DM-4Cni1gTJ8U-Eh1t8D9KfUqo0MKnC=wA at mail.gmail.com>:
ce> On Mon, Dec 12, 2016 at 11:33 AM, Hiroki Sato <hrs at freebsd.org> wrote:
ce> > Author: hrs
ce> > Date: Mon Dec 12 19:33:40 2016
ce> > New Revision: 309933
ce> > URL: https://svnweb.freebsd.org/changeset/base/309933
ce> >
ce> > Log:
ce> > - Refactor listening socket list. All of the listening sockets are
ce> > now maintained in a single linked-list in a transport-independent manner.
ce> > - Use queue.h for linked-list structure.
ce> > - Use linked-list for AllowedPeers.
ce> > - Use getaddrinfo(8) even for Unix Domain sockets.
ce> > - Use macros to type-casting from/to struct sockaddr{,_in,_in6}.
ce> > - Define fu_* macro for union f_un to shorten the member names.
ce> > - Remove an extra #include <sys/type.h>.
ce> > - Add "static" to non-exported symbols.
ce> > - !INET support is still incomplete but will be fixed later.
ce> >
ce> > There is no functional change except for some minor debug messages.
ce>
ce> Hello Hiroki,
ce>
ce> This refactor introduced a bug in the IPv6 address comparison/rejection logic.
ce>
ce> > Modified: head/usr.sbin/syslogd/syslogd.c
ce> > ==============================================================================
ce> > --- head/usr.sbin/syslogd/syslogd.c Mon Dec 12 19:26:55 2016 (r309932)
ce> > +++ head/usr.sbin/syslogd/syslogd.c Mon Dec 12 19:33:40 2016 (r309933)
ce> > ...
ce> > reject = 0;
ce> > - for (j = 0; j < 16; j += 4) {
ce> > - if ((*(u_int32_t *)&sin6->sin6_addr.s6_addr[j] & *(u_int32_t *)&m6p->sin6_addr.s6_addr[j])
ce> > - != *(u_int32_t *)&a6p->sin6_addr.s6_addr[j]) {
ce> > - ++reject;
ce> > - break;
ce> > - }
ce> > + if (IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr,
ce> > + &a6p->sin6_addr, &m6p->sin6_addr) != 0) {
ce> > + ++reject;
ce> > + break;
ce> > }
ce> > if (reject) {
ce> > dprintf("rejected in rule %d due to IP mismatch.\n", i);
ce>
ce> The new check isn't a loop, so the 'break' breaks out of the outer
ce> loop, which is unintentional. I think we should just remove 'break'.
ce>
ce> This was found by Coverity CID 1366941.
Oh, it was my mistake. Thank you for pointing out it. Fixed in
r310035 just now.
-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20161214/3bbe61e9/attachment.sig>
More information about the svn-src-all
mailing list