History log of /src/sys/netatalk/at_control.c |
Revision | | Date | Author | Comments |
1.44 |
| 30-Mar-2023 |
riastradh | atalk(4): Don't let userland control sa_len when adding addresses.
- The struct sockaddr_at object accessed by at_ifinit always comes from an ioctl buffer that is adequately sized and fully initialized from userland memory.
- The newly created sockaddr_at object is later used with sockaddr_copy, which requires sa_len to be correctly initialized.
- sa_len is not generally required to be correctly initialized by userland in most entry points (with some exceptions, e.g. gif(4) configuration).
I don't know whether existing userland programs initialize sa_len correctly; if they do, we can verify it matches sizeof(struct sockaddr_at), but there's no need to copy sa_len then if it is verified to be that fixed value.
Reported-by: syzbot+fb4e112846e31bc4c09d@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=6e511f97443d681b8917c6258d6463b28b36e8c9
Reported-by: syzbot+dce8a2b69dc06d9d6115@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=e521a01ced5d0bbd363e998b81bc29f3282fd75f
Reported-by: syzbot+705a2a35990549b12c8d@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=b9147d4070e1d240acd27155ce1f863997175517
Reported-by: syzbot+b9c649832cc9b1fdc7d6@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=d5c9ad3d43042ec6e9f7bd30e13a37205e7e0373
Reported-by: syzbot+ac4ab136ca76e8152218@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=349c0c4eded3eff1ff5fc2cd2d88b42806e08a47
Reported-by: syzbot+b75c731d20e46e9543e9@syzkaller.appspotmail.com https://syzkaller.appspot.com/bug?id=e014d790e218797e217dd590ebe5a3a89e65b627
XXX pullup-8 XXX pullup-9 XXX pullup-10
|
1.43 |
| 30-Mar-2023 |
riastradh | atalk(4): Don't abuse queue(9) internals.
|
1.42 |
| 21-Sep-2021 |
christos | branches: 1.42.4; don't opencode kauth_cred_get()
|
1.41 |
| 02-Aug-2021 |
andvar | fix various typos in comments and log messages.
|
1.40 |
| 17-Feb-2018 |
rjs | branches: 1.40.8; Add NETATALKDEBUG to the option header and include that in the main source files.
|
1.39 |
| 01-Aug-2016 |
ozaki-r | branches: 1.39.8; Apply pserialize and psref to struct ifaddr and its variants
This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr) MP-safe by using pserialize and psref. At this moment, pserialize_perform and psref_target_destroy are disabled because (1) we don't need them because of softnet_lock (2) they cause a deadlock because of softnet_lock. So we'll enable them when we remove softnet_lock in the future.
|
1.38 |
| 07-Jul-2016 |
ozaki-r | branches: 1.38.2; Switch the address list of interfaces to pslist(9)
As usual, we leave the old list to avoid breaking kvm(3) users.
|
1.37 |
| 18-Oct-2014 |
snj | branches: 1.37.2; src is too big these days to tolerate superfluous apostrophes. It's "its", people!
|
1.36 |
| 09-Sep-2014 |
rmind | Eliminate IFAREF() and IFAFREE() macros in favour of functions.
|
1.35 |
| 01-Jul-2014 |
rtr | fix parameter types in pr_ioctl, called xx_control() functions and remove abuse of pointer to struct mbuf type.
param2 changed to u_long type and uses parameter name 'cmd' (ioctl command)
param3 changed to void * type and uses parameter name 'data'
param4 changed to struct ifnet * and uses parameter name 'ifp'
param5 has been removed (formerly struct lwp *) and uses of 'l' have been replaced with curlwp from curproc(9).
callers have had (now unnecessary) casts to struct mbuf * removed, called code has had (now unnecessary) casts to u_long, void * and struct ifnet * respectively removed.
reviewed by rmind@
|
1.34 |
| 19-Oct-2011 |
dyoung | branches: 1.34.12; 1.34.26; Use if_addr_init() instead of ifp->if_ioctl().
|
1.33 |
| 30-Jan-2010 |
is | Use the symbolic names. No functional change.
|
1.32 |
| 18-Apr-2009 |
tsutsui | Remove extra whitespace added by a stupid tool. XXX: more in src/sys/arch
|
1.31 |
| 18-Mar-2009 |
cegger | bcopy -> memcpy
|
1.30 |
| 18-Mar-2009 |
cegger | bzero -> memset
|
1.29 |
| 18-Mar-2009 |
cegger | Ansify function definitions w/o arguments. Generated with sed.
|
1.28 |
| 14-Mar-2009 |
dsl | Change about 4500 of the K&R function definitions to ANSI ones. There are still about 1600 left, but they have ',' or /* ... */ in the actual variable definitions - which my awk script doesn't handle. There are also many that need () -> (void). (The script does handle misordered arguments.)
|
1.27 |
| 07-Nov-2008 |
dyoung | branches: 1.27.4; *** Summary ***
When a link-layer address changes (e.g., ifconfig ex0 link 02:de:ad:be:ef:02 active), send a gratuitous ARP and/or a Neighbor Advertisement to update the network-/link-layer address bindings on our LAN peers.
Refuse a change of ethernet address to the address 00:00:00:00:00:00 or to any multicast/broadcast address. (Thanks matt@.)
Reorder ifnet ioctl operations so that driver ioctls may inherit the functions of their "class"---ether_ioctl(), fddi_ioctl(), et cetera---and the class ioctls may inherit from the generic ioctl, ifioctl_common(), but both driver- and class-ioctls may override the generic behavior. Make network drivers share more code.
Distinguish a "factory" link-layer address from others for the purposes of both protecting that address from deletion and computing EUI64.
Return consistent, appropriate error codes from network drivers.
Improve readability. KNF.
*** Details ***
In if_attach(), always initialize the interface ioctl routine, ifnet->if_ioctl, if the driver has not already initialized it. Delete if_ioctl == NULL tests everywhere else, because it cannot happen.
In the ioctl routines of network interfaces, inherit common ioctl behaviors by calling either ifioctl_common() or whichever ioctl routine is appropriate for the class of interface---e.g., ether_ioctl() for ethernets.
Stop (ab)using SIOCSIFADDR and start to use SIOCINITIFADDR. In the user->kernel interface, SIOCSIFADDR's argument was an ifreq, but on the protocol->ifnet interface, SIOCSIFADDR's argument was an ifaddr. That was confusing, and it would work against me as I make it possible for a network interface to overload most ioctls. On the protocol->ifnet interface, replace SIOCSIFADDR with SIOCINITIFADDR. In ifioctl(), return EPERM if userland tries to invoke SIOCINITIFADDR.
In ifioctl(), give the interface the first shot at handling most interface ioctls, and give the protocol the second shot, instead of the other way around. Finally, let compatibility code (COMPAT_OSOCK) take a shot.
Pull device initialization out of switch statements under SIOCINITIFADDR. For example, pull ..._init() out of any switch statement that looks like this:
	switch (...->sa_family) {
	case ...:
		..._init();
		...
		break;
	...
	default:
		..._init();
		...
		break;
	}
Rewrite many if-else clauses that handle all permutations of IFF_UP and IFF_RUNNING to use a switch statement,
	switch (x & (IFF_UP|IFF_RUNNING)) {
	case 0:
		...
		break;
	case IFF_RUNNING:
		...
		break;
	case IFF_UP:
		...
		break;
	case IFF_UP|IFF_RUNNING:
		...
		break;
	}
unifdef lots of code containing #ifdef FreeBSD, #ifdef NetBSD, and #ifdef SIOCSIFMTU, especially in fwip(4) and in ndis(4).
In ipw(4), remove an if_set_sadl() call that is out of place.
In nfe(4), reuse the jumbo MTU logic in ether_ioctl().
Let ethernets register a callback for setting h/w state such as promiscuous mode and the multicast filter in accord with a change in the if_flags: ether_set_ifflags_cb() registers a callback that returns ENETRESET if the caller should reset the ethernet by calling if_init(), 0 on success, != 0 on failure. Pull common code from ex(4), gem(4), nfe(4), sip(4), tlp(4), vge(4) into ether_ioctl(), and register if_flags callbacks for those drivers.
Return ENOTTY instead of EINVAL for inappropriate ioctls. In zyd(4), use ENXIO instead of ENOTTY to indicate that the device is not any longer attached.
Add to if_set_sadl() a boolean 'factory' argument that indicates whether a link-layer address was assigned by the factory or some other source. In a comment, recommend using the factory address for generating an EUI64, and update in6_get_hw_ifid() to prefer a factory address to any other link-layer address.
Add a routing message, RTM_LLINFO_UPD, that tells protocols to update the binding of network-layer addresses to link-layer addresses. Implement this message in IPv4 and IPv6 by sending a gratuitous ARP or a neighbor advertisement, respectively. Generate RTM_LLINFO_UPD messages on a change of an interface's link-layer address.
In ether_ioctl(), do not let SIOCALIFADDR set a link-layer address that is broadcast/multicast or equal to 00:00:00:00:00:00.
Make ether_ioctl() call ifioctl_common() to handle ioctls that it does not understand.
In gif(4), initialize if_softc and use it, instead of assuming that the gif_softc and ifp overlap.
Let ifioctl_common() handle SIOCGIFADDR.
Sprinkle rtcache_invariants(), which checks on DIAGNOSTIC kernels that certain invariants on a struct route are satisfied.
In agr(4), rewrite agr_ioctl_filter() to be a bit more explicit about the ioctls that we do not allow on an agr(4) member interface.
bzero -> memset. Delete unnecessary casts to void *. Use sockaddr_in_init() and sockaddr_in6_init(). Compare pointers with NULL instead of "testing truth". Replace some instances of (type *)0 with NULL. Change some K&R prototypes to ANSI C, and join lines.
|
1.26 |
| 30-Apr-2008 |
ad | branches: 1.26.6; 1.26.8; Back out previous. softnet_lock is no longer held for at_control.
|
1.25 |
| 28-Apr-2008 |
ad | Fix hang with atalkd. PR kern/38513.
|
1.24 |
| 06-Dec-2007 |
dyoung | branches: 1.24.12; 1.24.16; Use ifa_insert(), ifa_remove().
|
1.23 |
| 05-Dec-2007 |
dyoung | Extract common code, creating a subroutine if_purgeaddrs(ifp, family, purgeaddr) which applies function `purgeaddr' to each address on `ifp' belonging to `family'.
|
1.22 |
| 05-Dec-2007 |
dyoung | Use IFADDR_FIRST() and IFADDR_NEXT().
|
1.21 |
| 05-Dec-2007 |
dyoung | Bring this dead code, aa_clean(), into the 21st century, *shrug*.
Use IFADDR_FOREACH().
|
1.20 |
| 01-Sep-2007 |
dyoung | branches: 1.20.6; 1.20.8; Use ifreq_setaddr(), ifreq_getaddr(), sockaddr_in_init(), and sockaddr_copy(). Constify. Compare pointers with NULL, not 0. Don't "test truth" of pointers, but compare with NULL.
|
1.19 |
| 09-Jul-2007 |
ad | branches: 1.19.2; 1.19.6; 1.19.8; Merge some of the less invasive changes from the vmlocking branch:
- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
|
1.18 |
| 04-Mar-2007 |
christos | branches: 1.18.2; 1.18.4; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
1.17 |
| 17-Feb-2007 |
dyoung | KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in in6_src.c, avoid casts by changing several route_in6 pointers to struct route pointers. Remove unnecessary casts to caddr_t elsewhere.
Pave the way for eliminating address family-specific route caches: soon, struct route will not embed a sockaddr, but it will hold a reference to an external sockaddr, instead. We will set the destination sockaddr using rtcache_setdst(). (I created a stub for it, but it isn't used anywhere, yet.) rtcache_free() will free the sockaddr. I have extracted from rtcache_free() a helper subroutine, rtcache_clear(). rtcache_clear() will "forget" a cached route, but it will not forget the destination by releasing the sockaddr. I use rtcache_clear() instead of rtcache_free() in rtcache_update(), because rtcache_update() is not supposed to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr to family-specific sockaddrs, e.g., sockaddr_in: satocsin6, satocsin, et cetera.
|
1.16 |
| 25-Oct-2006 |
elad | branches: 1.16.4; Kill KAUTH_GENERIC_ISSUSER use.
|
1.15 |
| 23-Jul-2006 |
ad | branches: 1.15.4; 1.15.6; Use the LWP cached credentials where sane.
|
1.14 |
| 07-Jun-2006 |
kardel | merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
  time.tv_sec -> time_second
- struct timeval mono_time is gone
  mono_time.tv_sec -> time_uptime
- access to time via {get,}{micro,nano,bin}time()
  get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
  Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
  NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
|
1.13 |
| 14-May-2006 |
elad | branches: 1.13.2; integrate kauth.
|
1.12 |
| 09-Apr-2006 |
christos | Coverity CID 1090: Only check suser if we have a process context.
|
1.11 |
| 11-Dec-2005 |
christos | branches: 1.11.4; 1.11.6; 1.11.8; 1.11.10; 1.11.12; merge ktrace-lwp.
|
1.10 |
| 26-Feb-2005 |
perry | branches: 1.10.4; nuke trailing whitespace
|
1.9 |
| 18-Apr-2004 |
matt | branches: 1.9.4; 1.9.6; Use M_ZERO as appropriate. (fix an improper use of M_WAIT to M_WAITOK)
|
1.8 |
| 02-Jun-2003 |
is | branches: 1.8.2; Make "ifconfig $interface" display phase 1 addresses also.
|
1.7 |
| 15-Nov-2001 |
lukem | branches: 1.7.10; don't need <sys/types.h> when including <sys/param.h>
|
1.6 |
| 13-Nov-2001 |
lukem | add RCSIDs
|
1.5 |
| 13-Apr-2001 |
thorpej | branches: 1.5.2; Remove the use of splimp() from the NetBSD kernel. splnet() and only splnet() is allowed for the protection of data structures used by network devices.
|
1.4 |
| 23-Mar-2000 |
thorpej | branches: 1.4.6; New callout mechanism with two major improvements over the old timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of resource allocation.
- Insertion and removal of callouts is constant time, important as this facility is used quite a lot in the kernel.
The old timeout()/untimeout() API has been removed from the kernel.
|
1.3 |
| 02-Feb-2000 |
thorpej | PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4 and IPv6 code, also use this to traverse PCB tables, looking for cached routes referencing the dying ifnet, forcing them to be refreshed.
|
1.2 |
| 01-Feb-2000 |
thorpej | First-draft if_detach() implementation, originally from Bill Studenmund, although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original work was. This is hard to get right, and we should attack one protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to purge an ifaddr from a protocol. The old method Bill used didn't work on all protocols, and it only worked on some because it was Very Lucky.
This mostly works ... i.e. works for my USB Ethernet, except for a dangling ifaddr reference left by the IPv6 code; have not yet tracked this down.
|
1.1 |
| 02-Apr-1997 |
christos | branches: 1.1.14; 1.1.22; Appletalk networking stack. Code based on netatalk release beta-970220 from toccata.fugue.com. Ported to netbsd by Bill Studenmund. Changes:
- KNF
- remove endian.h
- adapt to the new arp code.
- fix small biff's with spl/splx.
|
1.1.22.2 |
| 21-Apr-2001 |
bouyer | Sync with HEAD
|
1.1.22.1 |
| 20-Nov-2000 |
bouyer | Update thorpej_scsipi to -current as of a month ago
|
1.1.14.1 |
| 11-Dec-1998 |
kenh | The beginnings of interface detach support. Still some bugs, but mostly works for me.
This work was originally by Bill Studenmund, and cleaned up by me.
|
1.4.6.3 |
| 08-Jan-2002 |
nathanw | Catch up to -current.
|
1.4.6.2 |
| 14-Nov-2001 |
nathanw | Catch up to -current.
|
1.4.6.1 |
| 21-Jun-2001 |
nathanw | Catch up to -current.
|
1.5.2.1 |
| 10-Jan-2002 |
thorpej | Sync kqueue branch with -current.
|
1.7.10.1 |
| 19-Jun-2003 |
grant | Pull up revision 1.8 (requested by is in ticket #1313):
Make "ifconfig $interface" display phase 1 addresses also.
|
1.8.2.4 |
| 04-Mar-2005 |
skrll | Sync with HEAD.
Hi Perry!
|
1.8.2.3 |
| 21-Sep-2004 |
skrll | Fix the sync with head I botched.
|
1.8.2.2 |
| 18-Sep-2004 |
skrll | Sync with HEAD.
|
1.8.2.1 |
| 03-Aug-2004 |
skrll | Sync with HEAD
|
1.9.6.1 |
| 19-Mar-2005 |
yamt | sync with head. xen and whitespace. xen part is not finished.
|
1.9.4.1 |
| 29-Apr-2005 |
kent | sync with -current
|
1.10.4.5 |
| 07-Dec-2007 |
yamt | sync with head
|
1.10.4.4 |
| 03-Sep-2007 |
yamt | sync with head.
|
1.10.4.3 |
| 26-Feb-2007 |
yamt | sync with head.
|
1.10.4.2 |
| 30-Dec-2006 |
yamt | sync with head.
|
1.10.4.1 |
| 21-Jun-2006 |
yamt | sync with head.
|
1.11.12.1 |
| 24-May-2006 |
tron | Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
|
1.11.10.3 |
| 19-Apr-2006 |
elad | sync with head.
|
1.11.10.2 |
| 10-Mar-2006 |
elad | generic_authorize() -> kauth_authorize_generic().
|
1.11.10.1 |
| 08-Mar-2006 |
elad | Adapt to kernel authorization KPI.
|
1.11.8.4 |
| 11-Aug-2006 |
yamt | sync with head
|
1.11.8.3 |
| 26-Jun-2006 |
yamt | sync with head.
|
1.11.8.2 |
| 24-May-2006 |
yamt | sync with head.
|
1.11.8.1 |
| 11-Apr-2006 |
yamt | sync with head
|
1.11.6.3 |
| 01-Jun-2006 |
kardel | Sync with head.
|
1.11.6.2 |
| 22-Apr-2006 |
simonb | Sync with head.
|
1.11.6.1 |
| 04-Feb-2006 |
simonb | Adapt for timecounters: mostly use get*time(), use bintime's for timeout calculations and use "time_second" instead of "time.tv_sec".
|
1.11.4.1 |
| 09-Sep-2006 |
rpaulo | sync with head
|
1.13.2.1 |
| 19-Jun-2006 |
chap | Sync with head.
|
1.15.6.1 |
| 10-Dec-2006 |
yamt | sync with head.
|
1.15.4.1 |
| 18-Nov-2006 |
ad | Sync with head.
|
1.16.4.2 |
| 12-Mar-2007 |
rmind | Sync with HEAD.
|
1.16.4.1 |
| 27-Feb-2007 |
yamt | - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
|
1.18.4.1 |
| 11-Jul-2007 |
mjf | Sync with head.
|
1.18.2.2 |
| 09-Oct-2007 |
ad | Sync with head.
|
1.18.2.1 |
| 01-Jul-2007 |
ad | Adapt to callout API change.
|
1.19.8.2 |
| 09-Jan-2008 |
matt | sync with HEAD
|
1.19.8.1 |
| 06-Nov-2007 |
matt | sync with HEAD
|
1.19.6.2 |
| 09-Dec-2007 |
jmcneill | Sync with HEAD.
|
1.19.6.1 |
| 03-Sep-2007 |
jmcneill | Sync with HEAD.
|
1.19.2.1 |
| 03-Sep-2007 |
skrll | Sync with HEAD.
|
1.20.8.1 |
| 08-Dec-2007 |
ad | Sync with head.
|
1.20.6.1 |
| 08-Dec-2007 |
mjf | Sync with HEAD.
|
1.24.16.2 |
| 11-Mar-2010 |
yamt | sync with head
|
1.24.16.1 |
| 04-May-2009 |
yamt | sync with head.
|
1.24.12.1 |
| 17-Jan-2009 |
mjf | Sync with HEAD.
|
1.26.8.2 |
| 28-Apr-2009 |
skrll | Sync with HEAD.
|
1.26.8.1 |
| 19-Jan-2009 |
skrll | Sync with HEAD.
|
1.26.6.1 |
| 13-Dec-2008 |
haad | Update haad-dm branch to haad-dm-base2.
|
1.27.4.1 |
| 13-May-2009 |
jym | Sync with HEAD.
Commit is split, to avoid a "too many arguments" protocol error.
|
1.34.26.1 |
| 10-Aug-2014 |
tls | Rebase.
|
1.34.12.2 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
1.34.12.1 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
1.37.2.2 |
| 05-Oct-2016 |
skrll | Sync with HEAD
|
1.37.2.1 |
| 09-Jul-2016 |
skrll | Sync with HEAD
|
1.38.2.1 |
| 06-Aug-2016 |
pgoyette | Sync with HEAD
|
1.39.8.1 |
| 31-Jul-2023 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1866):
sys/netatalk/at_control.c: revision 1.44
atalk(4): Don't let userland control sa_len when adding addresses.
- The struct sockaddr_at object accessed by at_ifinit always comes from an ioctl buffer that is adequately sized and fully initialized from userland memory.
- The newly created sockaddr_at object is later used with sockaddr_copy, which requires sa_len to be correctly initialized.
- sa_len is not generally required to be correctly initialized by userland in most entry points (with some exceptions, e.g. gif(4) configuration).
I don't know whether existing userland programs initialize sa_len correctly; if they do, we can verify it matches sizeof(struct sockaddr_at), but there's no need to copy sa_len then if it is verified to be that fixed value.
|
1.40.8.1 |
| 31-Jul-2023 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1684):
sys/netatalk/at_control.c: revision 1.44
atalk(4): Don't let userland control sa_len when adding addresses.
- The struct sockaddr_at object accessed by at_ifinit always comes from an ioctl buffer that is adequately sized and fully initialized from userland memory.
- The newly created sockaddr_at object is later used with sockaddr_copy, which requires sa_len to be correctly initialized.
- sa_len is not generally required to be correctly initialized by userland in most entry points (with some exceptions, e.g. gif(4) configuration).
I don't know whether existing userland programs initialize sa_len correctly; if they do, we can verify it matches sizeof(struct sockaddr_at), but there's no need to copy sa_len then if it is verified to be that fixed value.
|
1.42.4.2 |
| 31-Jul-2023 |
martin | Pull up following revision(s) (requested by riastradh in ticket #278):
sys/netatalk/ddp_output.c: revision 1.22
sys/compat/common/if_43.c: revision 1.27
sys/netatalk/ddp_input.c: revision 1.34
sys/netatalk/at_control.c: revision 1.43
atalk(4): Don't abuse queue(9) internals.
atalk(4): Omit spurious satosat. The input is already a struct sockaddr_at pointer.
|
1.42.4.1 |
| 31-Jul-2023 |
martin | Pull up following revision(s) (requested by riastradh in ticket #276):
sys/netatalk/at_control.c: revision 1.44
atalk(4): Don't let userland control sa_len when adding addresses.
- The struct sockaddr_at object accessed by at_ifinit always comes from an ioctl buffer that is adequately sized and fully initialized from userland memory.
- The newly created sockaddr_at object is later used with sockaddr_copy, which requires sa_len to be correctly initialized.
- sa_len is not generally required to be correctly initialized by userland in most entry points (with some exceptions, e.g. gif(4) configuration).
I don't know whether existing userland programs initialize sa_len correctly; if they do, we can verify it matches sizeof(struct sockaddr_at), but there's no need to copy sa_len then if it is verified to be that fixed value.
|