svn commit: r340360 - in head: sbin/ipfw sys/netinet6 sys/netpfil/ipfw/nptv6

Conrad Meyer cem at freebsd.org
Tue Nov 20 18:14:23 UTC 2018


Hi Andrey,

On Mon, Nov 12, 2018 at 3:21 AM Andrey V. Elsukov <ae at freebsd.org> wrote:
>
> Author: ae
> Date: Mon Nov 12 11:20:59 2018
> New Revision: 340360
> URL: https://svnweb.freebsd.org/changeset/base/340360
>
> Log:
>   Add ability to use dynamic external prefix in ipfw_nptv6 module.
>
> ...
> Modified: head/sbin/ipfw/nptv6.c
> ==============================================================================
> --- head/sbin/ipfw/nptv6.c      Mon Nov 12 07:14:34 2018        (r340359)
> +++ head/sbin/ipfw/nptv6.c      Mon Nov 12 11:20:59 2018        (r340360)
> ...
> @@ -245,13 +261,14 @@ check_prefix:
>         if ((flags & NPTV6_HAS_INTPREFIX) != NPTV6_HAS_INTPREFIX)
>                 errx(EX_USAGE, "int_prefix required");
>         if ((flags & NPTV6_HAS_EXTPREFIX) != NPTV6_HAS_EXTPREFIX)
> -               errx(EX_USAGE, "ext_prefix required");
> +               errx(EX_USAGE, "ext_prefix or ext_if required");
>         if ((flags & NPTV6_HAS_PREFIXLEN) != NPTV6_HAS_PREFIXLEN)
>                 errx(EX_USAGE, "prefixlen required");
>
>         n2mask(&mask, cfg->plen);
>         APPLY_MASK(&cfg->internal, &mask);
> -       APPLY_MASK(&cfg->external, &mask);
> +       if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)
> +               APPLY_MASK(&cfg->external, &mask);
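
Review bot: The unbraced `if ((cfg->flags & NPTV6_DYNAMIC_PREFIX) == 0)` on the last two lines of this hunk guards a macro invocation, `APPLY_MASK(&cfg->external, &mask);`, which is only safe if the macro expands to exactly one statement. If it expands to several, only the first is conditional and the rest still mask cfg->external when NPTV6_DYNAMIC_PREFIX is set. Brace the body of this `if`, or wrap the macro body in do { } while (0) so that every call site is safe.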

Coverity points out that APPLY_MASK() is a macro composed of multiple
statements, and only the first statement will be conditional on the if
() expression.  This means that effectively, the final three words of
mask will be applied to cfg->external unconditionally.  CID is
1396914.

I would suggest using the do { } while (0) construct in the APPLY_MASK
macro to fix the issue.

Best,
Conrad
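
The pitfall described in this message, as an added example that is not part of the original thread or the FreeBSD source. The struct and both macros are constructed stand-ins (the real APPLY_MASK definition is not shown on this page); the four 32-bit words are an assumption based on the "final three words" remark.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a 128-bit IPv6 address: four 32-bit words. */
struct addr128 { uint32_t w[4]; };

/* Assumed multi-statement shape: an unbraced `if` guards only the first line. */
#define APPLY_MASK_MULTI(a, m)   \
	(a)->w[0] &= (m)->w[0];  \
	(a)->w[1] &= (m)->w[1];  \
	(a)->w[2] &= (m)->w[2];  \
	(a)->w[3] &= (m)->w[3];

/* Suggested form: do { } while (0) makes the expansion a single statement. */
#define APPLY_MASK_SAFE(a, m) do {       \
	(a)->w[0] &= (m)->w[0];          \
	(a)->w[1] &= (m)->w[1];          \
	(a)->w[2] &= (m)->w[2];          \
	(a)->w[3] &= (m)->w[3];          \
} while (0)

/* Returns how many words of the external prefix were modified. */
int words_changed(int use_safe, int dynamic)
{
	struct addr128 mask = {{ 0xffffffffu, 0xffff0000u, 0, 0 }}; /* /48 */
	struct addr128 ext = {{ 0x20010db8u, 0x12345678u, 0x9abcdef0u, 1 }};
	const struct addr128 before = ext;
	int i, n = 0;

	if (use_safe) {
		if (dynamic == 0)
			APPLY_MASK_SAFE(&ext, &mask);
	} else {
		if (dynamic == 0)
			APPLY_MASK_MULTI(&ext, &mask);
	}
	for (i = 0; i < 4; i++)
		n += (ext.w[i] != before.w[i]);
	return n;
}

int main(void)
{
	printf("dynamic prefix, multi-statement macro: %d words changed\n",
	    words_changed(0, 1));
	printf("dynamic prefix, do/while(0) macro:     %d words changed\n",
	    words_changed(1, 1));
	return 0;
}
```

Building with `-Wmisleading-indentation` or `-Wmultistatement-macros` (GCC) is one way to have the compiler flag this pattern at the call site.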


More information about the svn-src-head mailing list