svn commit: r310727 - head/sbin/ipfw

Marius Strobl marius at FreeBSD.org
Wed Dec 28 23:34:30 UTC 2016 

Author: marius
Date: Wed Dec 28 23:34:28 2016
New Revision: 310727
URL: https://svnweb.freebsd.org/changeset/base/310727

Log:
  Fix a bug in r272840; given that the optlen parameter of setsockopt(2)
  is a 32-bit socklen_t, do_get3() passes the kernel to access the wrong
  32-bit half on big-endian LP64 machines when simply casting the 64-bit
  size_t optlen to a socklen_t pointer.
  While at it and given that the intention of do_get3() apparently is to
  hide/wrap the fact that socket options are used for communication with
  ipfw(4), change the optlen parameter of do_set3() to be of type size_t
  and as such more appropriate than uintptr_t, too.
  
  MFC after:	3 days

Modified:
  head/sbin/ipfw/ipfw2.c
  head/sbin/ipfw/ipfw2.h

Modified: head/sbin/ipfw/ipfw2.c
==============================================================================
--- head/sbin/ipfw/ipfw2.c	Wed Dec 28 23:02:01 2016	(r310726)
+++ head/sbin/ipfw/ipfw2.c	Wed Dec 28 23:34:28 2016	(r310727)
@@ -591,7 +591,7 @@ do_cmd(int optname, void *optval, uintpt
  * Returns 0 on success or errno otherwise.
  */
 int
-do_set3(int optname, ip_fw3_opheader *op3, uintptr_t optlen)
+do_set3(int optname, ip_fw3_opheader *op3, size_t optlen)
 {
 
 	if (co.test_only)
@@ -621,6 +621,7 @@ int
 do_get3(int optname, ip_fw3_opheader *op3, size_t *optlen)
 {
 	int error;
+	socklen_t len;
 
 	if (co.test_only)
 		return (0);
@@ -632,8 +633,9 @@ do_get3(int optname, ip_fw3_opheader *op
 
 	op3->opcode = optname;
 
-	error = getsockopt(ipfw_socket, IPPROTO_IP, IP_FW3, op3,
-	    (socklen_t *)optlen);
+	len = *optlen;
+	error = getsockopt(ipfw_socket, IPPROTO_IP, IP_FW3, op3, &len);
+	*optlen = len;
 
 	return (error);
 }

Modified: head/sbin/ipfw/ipfw2.h
==============================================================================
--- head/sbin/ipfw/ipfw2.h	Wed Dec 28 23:02:01 2016	(r310726)
+++ head/sbin/ipfw/ipfw2.h	Wed Dec 28 23:34:28 2016	(r310727)
@@ -329,7 +329,7 @@ void print_flags_buffer(char *buf, size_
 
 struct _ip_fw3_opheader;
 int do_cmd(int optname, void *optval, uintptr_t optlen);
-int do_set3(int optname, struct _ip_fw3_opheader *op3, uintptr_t optlen);
+int do_set3(int optname, struct _ip_fw3_opheader *op3, size_t optlen);
 int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen);
 
 struct in6_addr;

More information about the svn-src-head mailing list