Date: Thu, 15 Feb 2024 12:55:01 GMT
Message-Id: <202402151255.41FCt1Pd095735@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: 50edc6307198 - main - pfsync: Fix offset calculation

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=50edc630719827b6c58dd515328997fd196b1d78

commit 50edc630719827b6c58dd515328997fd196b1d78
Author:     Kajetan Staszkiewicz
AuthorDate: 2024-02-13 19:41:14 +0000
Commit:     Kristof Provost
CommitDate: 2024-02-15 11:54:02 +0000

    pfsync: Fix offset calculation

    Even though message version is automatically recognized and the top of
    the struct is identical for different versions, when iterating over
    multiple messages proper message length must be used. That's the length
    of a union member for given version, not of the union itself.

    Reviewed by:    kp
    Differential Revision:  https://reviews.freebsd.org/D43862
---
 sys/netpfil/pf/if_pfsync.c | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index c57a89ea052a..e90bc60b85fa 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c 
@@ -1002,15 +1002,17 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) { struct mbuf *mp; union pfsync_state_union *sa, *sp; - int i, offp, len, msg_version; + int i, offp, total_len, msg_version, msg_len; switch (action) { case PFSYNC_ACT_INS_1301: - len = sizeof(struct pfsync_state_1301) * count; + msg_len = sizeof(struct pfsync_state_1301); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1301; break; case PFSYNC_ACT_INS_1400: - len = sizeof(struct pfsync_state_1400) * count; + msg_len = sizeof(struct pfsync_state_1400); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1400; break; default: @@ -1018,7 +1020,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) return (-1); } - mp = m_pulldown(m, offset, len, &offp); + mp = m_pulldown(m, offset, total_len, &offp); if (mp == NULL) { V_pfsyncstats.pfsyncs_badlen++; return (-1); @@ -1026,7 +1028,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) sa = (union pfsync_state_union *)(mp->m_data + offp); for (i = 0; i < count; i++) { - sp = &sa[i]; + sp = (union pfsync_state_union *)((char *)sa + msg_len * i); /* Check for invalid values. */ if (sp->pfs_1301.timeout >= PFTM_MAX || @@ -1046,7 +1048,7 @@ pfsync_in_ins(struct mbuf *m, int offset, int count, int flags, int action) break; } - return (len); + return (total_len); } static int 
@@ -1127,15 +1129,17 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) union pfsync_state_union *sa, *sp; struct pf_kstate *st; struct mbuf *mp; - int sync, offp, i, len, msg_version; + int sync, offp, i, total_len, msg_len, msg_version; switch (action) { case PFSYNC_ACT_UPD_1301: - len = sizeof(struct pfsync_state_1301) * count; + msg_len = sizeof(struct pfsync_state_1301); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1301; break; case PFSYNC_ACT_UPD_1400: - len = sizeof(struct pfsync_state_1400) * count; + msg_len = sizeof(struct pfsync_state_1400); + total_len = msg_len * count; msg_version = PFSYNC_MSG_VERSION_1400; break; default: @@ -1143,7 +1147,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) return (-1); } - mp = m_pulldown(m, offset, len, &offp); + mp = m_pulldown(m, offset, total_len, &offp); if (mp == NULL) { V_pfsyncstats.pfsyncs_badlen++; return (-1); @@ -1151,7 +1155,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) sa = (union pfsync_state_union *)(mp->m_data + offp); for (i = 0; i < count; i++) { - sp = &sa[i]; + sp = (union pfsync_state_union *)((char *)sa + msg_len * i); /* check for invalid values */ if (sp->pfs_1301.timeout >= PFTM_MAX || @@ -1214,7 +1218,7 @@ pfsync_in_upd(struct mbuf *m, int offset, int count, int flags, int action) PF_STATE_UNLOCK(st); } - return (len); + return (total_len); } static int
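Review bot: In the pfsync_in_ins loop, `sp = (union pfsync_state_union *)((char *)sa + msg_len * i);` produces a pointer to an object that, for PFSYNC_ACT_INS_1301, is only sizeof(struct pfsync_state_1301) bytes long, yet it is still typed as the full union, and the check that follows reads `sp->pfs_1301.timeout` for both versions. That is safe only because of the shared leading layout the commit message mentions. A comment at the cast saying that only the common prefix and the member selected by msg_version may be accessed through sp would keep a later change from reading past the last message in the region m_pulldown() made contiguous. Since sa now serves only as a byte base for the stride arithmetic, declaring it as char * would also make the intent clearer.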
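Review bot: In pfsync_in_upd (and identically in pfsync_in_ins), `total_len = msg_len * count;` is an int product involving the count argument, and nothing in the visible lines bounds count before the multiplication; the result is then passed to m_pulldown() and the loop runs up to count. Please confirm the caller caps count, or check here that count is non-negative and the product cannot overflow before total_len is used. Two smaller points: the switch that sets msg_len, total_len and msg_version is now duplicated in both functions and could be factored into one helper, and the declaration order differs between them (`total_len, msg_version, msg_len` versus `total_len, msg_len, msg_version`).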