[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Patch for pfil 2.1.5 Solaris possible uninitialized variables
From:       John Wehle <john () feith ! com>
Date:       2005-02-22 21:54:41
Message-ID: 200502222154.j1MLsfZ1004113 () jwlab ! FEITH ! COM
[Download RAW message or body]

IP Filter bug report form.
--------------------------
IP Filter Version: 4.1.5
Operating System Version: Solaris 10 x86
Configuration: LKM

Description of problem:

pfil_precheck has:

        if (sap == ETHERTYPE_IP) {
           set various variables
        }
        else if (sap == IP6_DL_SAP) {
           set various variables
        }
        else {
          sap = -1;
          hlen = 0;
        }

        use various variables.

as a result uninitialized variables may be used if sap != ETHERTYPE_IP
and sap != IP6_DL_SAP.

How to repeat:

The enclosed * lightly tested * patch to SunOS/pfildrv.c fixes the problem.


*** SunOS/pfildrv.c.ORIGINAL	Tue Feb 22 16:30:00 2005
--- SunOS/pfildrv.c	Tue Feb 22 16:34:32 2005
*************** forced_copy:
*** 687,693 ****
  	}
  #endif 
  	else {
- 		hlen = 0;
  		sap = -1;
  	}
  
--- 687,692 ----
*************** forced_copy:
*** 695,700 ****
--- 694,700 ----
  #if SOLARIS2 >= 8
  	    || ((sap == IP6_DL_SAP) && (((ip6->ip6_vfc) & 0xf0) != 0x60))
  #endif
+ 	    || sap == -1
  	   ) {
  		atomic_add_long(&qif->qf_notip, 1);
  #ifdef PFILDEBUG

-- John
-------------------------------------------------------------------------
|   Feith Systems  |   Voice: 1-215-646-8000  |  Email: john@feith.com  |
|    John Wehle    |     Fax: 1-215-540-5495  |                         |
-------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]