diff options
| author | Luigi Rizzo <luigi@FreeBSD.org> | 2016-01-27 02:08:30 +0000 |
|---|---|---|
| committer | Luigi Rizzo <luigi@FreeBSD.org> | 2016-01-27 02:08:30 +0000 |
| commit | 788c0c66ab544e923dc6db04c3687f6189815ee3 (patch) | |
| tree | 6803f2ad971a06000a9b9cc93e2fed21d258d0a2 /sys/netpfil | |
| parent | 5444d429b979d34a691d2373891e4ed28de6f63f (diff) | |
| download | src-788c0c66ab544e923dc6db04c3687f6189815ee3.tar.gz src-788c0c66ab544e923dc6db04c3687f6189815ee3.zip | |
bugfix: the scheduler template (dn_schk) for the round robin scheduler
is followed by another structure (rr_schk) whose size must be set
in the schk_datalen field of the descriptor.
Not allocating the memory may cause other memory to be overwritten
(though dn_schk is 192 bytes and rr_schk only 12 so we may be lucky
and end up in the padding after the dn_schk).
This is a merge candidate for stable and 10.3
MFC after: 3 days
Notes
Notes:
svn path=/head/; revision=294879
Diffstat (limited to 'sys/netpfil')
| -rw-r--r-- | sys/netpfil/ipfw/dn_sched_rr.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/ipfw/dn_sched_rr.c b/sys/netpfil/ipfw/dn_sched_rr.c index 63e525a2b7a0..16649a82e638 100644 --- a/sys/netpfil/ipfw/dn_sched_rr.c +++ b/sys/netpfil/ipfw/dn_sched_rr.c @@ -294,7 +294,7 @@ static struct dn_alg rr_desc = { _SI( .name = ) "RR", _SI( .flags = ) DN_MULTIQUEUE, - _SI( .schk_datalen = ) 0, + _SI( .schk_datalen = ) sizeof(struct rr_schk), _SI( .si_datalen = ) sizeof(struct rr_si), _SI( .q_datalen = ) sizeof(struct rr_queue) - sizeof(struct dn_queue), @@ -311,5 +311,6 @@ static struct dn_alg rr_desc = { _SI( .free_queue = ) rr_free_queue, }; +_Static_assert(sizeof(struct dn_schk) < 193, "a"); DECLARE_DNSCHED_MODULE(dn_rr, &rr_desc); |