svn commit: r309933 - head/usr.sbin/syslogd

Hiroki Sato hrs at FreeBSD.org
Tue Dec 13 20:58:26 UTC 2016 

Conrad Meyer <cem at freebsd.org> wrote
  in <CAG6CVpV=nshki9k8DM-4Cni1gTJ8U-Eh1t8D9KfUqo0MKnC=wA at mail.gmail.com>:

ce> On Mon, Dec 12, 2016 at 11:33 AM, Hiroki Sato <hrs at freebsd.org> wrote:
ce> > Author: hrs
ce> > Date: Mon Dec 12 19:33:40 2016
ce> > New Revision: 309933
ce> > URL: https://svnweb.freebsd.org/changeset/base/309933
ce> >
ce> > Log:
ce> >   - Refactor listening socket list.  All of the listening sockets are
ce> >     now maintained in a single linked-list in a transport-independent manner.
ce> >   - Use queue.h for linked-list structure.
ce> >   - Use linked-list for AllowedPeers.
ce> >   - Use getaddrinfo(8) even for Unix Domain sockets.
ce> >   - Use macros to type-casting from/to struct sockaddr{,_in,_in6}.
ce> >   - Define fu_* macro for union f_un to shorten the member names.
ce> >   - Remove an extra #include <sys/type.h>.
ce> >   - Add "static" to non-exported symbols.
ce> >   - !INET support is still incomplete but will be fixed later.
ce> >
ce> >   There is no functional change except for some minor debug messages.
ce>
ce> Hello Hiroki,
ce>
ce> This refactor introduced a bug in the IPv6 address comparison/rejection logic.
ce>
ce> > Modified: head/usr.sbin/syslogd/syslogd.c
ce> > ==============================================================================
ce> > --- head/usr.sbin/syslogd/syslogd.c     Mon Dec 12 19:26:55 2016        (r309932)
ce> > +++ head/usr.sbin/syslogd/syslogd.c     Mon Dec 12 19:33:40 2016        (r309933)
ce> > ...
ce> >      reject = 0;
ce> > - for (j = 0; j < 16; j += 4) {
ce> > - if ((*(u_int32_t *)&sin6->sin6_addr.s6_addr[j] & *(u_int32_t *)&m6p->sin6_addr.s6_addr[j])
ce> > -    != *(u_int32_t *)&a6p->sin6_addr.s6_addr[j]) {
ce> > - ++reject;
ce> > - break;
ce> > - }
ce> > + if (IN6_ARE_MASKED_ADDR_EQUAL(&sin6->sin6_addr,
ce> > +    &a6p->sin6_addr, &m6p->sin6_addr) != 0) {
ce> > + ++reject;
ce> > + break;
ce> >      }
ce> >      if (reject) {
ce> >       dprintf("rejected in rule %d due to IP mismatch.\n", i);
ce>
ce> The new check isn't a loop, so the 'break' breaks out of the outer
ce> loop, which is unintentional.  I think we should just remove 'break'.
ce>
ce> This was found by Coverity CID 1366941.

 Oh, it was my mistake.  Thank you for pointing out it.  Fixed in
 r310035 just now.

-- Hiroki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20161214/3bbe61e9/attachment.sig>

More information about the svn-src-head mailing list