svn commit: r343590 - head/sys/contrib/ipfilter/netinet
Cy Schubert
cy at FreeBSD.org
Wed Jan 30 20:22:34 UTC 2019
Author: cy
Date: Wed Jan 30 20:22:33 2019
New Revision: 343590
URL: https://svnweb.freebsd.org/changeset/base/343590
Log:
When copying a NAT rule struct to userland for save by ipfs, use the
length of the struct in memmove() rather than an uninitialized variable.
This fixes the first of two kernel page faults when ipfs is invoked.
PR: 235110
Reported by: David.Boyd49 at twc.com
MFC after: 2 weeks
Modified:
head/sys/contrib/ipfilter/netinet/ip_nat.c
Modified: head/sys/contrib/ipfilter/netinet/ip_nat.c
==============================================================================
--- head/sys/contrib/ipfilter/netinet/ip_nat.c Wed Jan 30 19:19:14 2019 (r343589)
+++ head/sys/contrib/ipfilter/netinet/ip_nat.c Wed Jan 30 20:22:33 2019 (r343590)
@@ -1866,7 +1866,7 @@ ipf_nat_getent(softc, data, getlock)
*/
if (nat->nat_ptr != NULL)
bcopy((char *)nat->nat_ptr, (char *)&ipn->ipn_ipnat,
- ipn->ipn_ipnat.in_size);
+ sizeof(nat->nat_ptr));
/*
* If we also know the NAT entry has an associated filter rule,
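Review bot: On the added line, `sizeof(nat->nat_ptr)` is the size of a pointer, not of the rule structure. `nat->nat_ptr` is compared against NULL and cast to `char *` just above, so this bcopy() moves only 4 or 8 bytes into `ipn->ipn_ipnat` and leaves the rest of the destination unfilled, while the log message says the length of the struct is intended. Suggest `sizeof(*nat->nat_ptr)`, or `sizeof(ipn->ipn_ipnat)` so the copy is bounded by the destination. A short comment stating which length is meant would also help, since the removed line took it from the destination's `in_size` before that field had been filled.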