NetBSD Problem Report #55179
From www@netbsd.org Wed Apr 15 10:17:25 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 308721A9219
for <gnats-bugs@gnats.NetBSD.org>; Wed, 15 Apr 2020 10:17:25 +0000 (UTC)
Message-Id: <20200415101724.0BF411A924B@mollari.NetBSD.org>
Date: Wed, 15 Apr 2020 10:17:24 +0000 (UTC)
From: hashikaw@mail.ru
Reply-To: hashikaw@mail.ru
To: gnats-bugs@NetBSD.org
Subject: ipfilter ip_state.c's problem
X-Send-Pr-Version: www-1.0
>Number: 55179
>Category: kern
>Synopsis: ipfilter ip_state.c's problem
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Apr 15 10:20:00 +0000 2020
>Last-Modified: Sat Feb 27 14:10:01 +0000 2021
>Originator: Kouichi Hashikawa
>Release: 9.0-RELEASE
>Organization:
>Environment:
NetBSD kalinka 9.0 NetBSD 9.0 (GENERIC) #0: Fri Feb 14 00:06:28 UTC 2020 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
I think dp = ntohs(fin->fin_dport) may be dp = htons(fin->fin_dport),
at src/sys/external/bsd/ipf/netinet/ip_state.c:2414.
(but, same result)
--------
sp = 0;
dp = 0;
if (tcp != NULL) {
sp = htons(fin->fin_sport);
dp = ntohs(fin->fin_dport);
}
...
if (rev == 0) {
if ((IP6_EQ(&is->is_dst, dst) || (flags & SI_W_DADDR)) &&
(IP6_EQ(&is->is_src, src) || (flags & SI_W_SADDR))) {
if (tcp) {
if ((sp == is->is_sport || flags & SI_W_SPORT)
&&
(dp == is->is_dport || flags & SI_W_DPORT))
ret = 1;
--------
>How-To-Repeat:
always
>Fix:
I think following patch will fix problem.
(and replace fin_sport, fin_dpost to fin_data, used only one time
at ip_state.c)
--- ip_state.c-dist 2020-01-12 16:09:10.000000000 +0900
+++ ip_state.c 2020-04-15 00:47:19.333611016 +0900
@@ -2410,8 +2410,8 @@
dp = 0;
if (tcp != NULL) {
- sp = htons(fin->fin_sport);
- dp = ntohs(fin->fin_dport);
+ sp = htons(fin->fin_data[0]);
+ dp = htons(fin->fin_data[1]);
}
if (!rev) {
if (tcp != NULL) {
>Release-Note:
>Audit-Trail:
From: =?UTF-8?B?S291aWNoaSBIYXNoaWthd2E=?= <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/55179: ipfilter ip_state.c's problem
Date: Sat, 18 Apr 2020 03:04:14 +0300
Sorry, the reason I think this is a problem, comparing same value (is->is_sport or is->dport) to
sp (htons) or dp (ntohs).
--------
if (tcp != NULL) {
sp = htons(fin->fin_sport);
dp = ntohs(fin->fin_dport);
}
...
/*
* Match addresses and ports.
*/
if (rev == 0) {
if ((IP6_EQ(&is->is_dst, dst) || (flags & SI_W_DADDR)) &&
(IP6_EQ(&is->is_src, src) || (flags & SI_W_SADDR))) {
if (tcp) {
if ((sp == is->is_sport || flags & SI_W_SPORT) <-------
&&
(dp == is->is_dport || flags & SI_W_DPORT)) <-------
ret = 1;
} else {
ret = 1;
}
}
} else {
if ((IP6_EQ(&is->is_dst, src) || (flags & SI_W_DADDR)) &&
(IP6_EQ(&is->is_src, dst) || (flags & SI_W_SADDR))) {
if (tcp) {
if ((dp == is->is_sport || flags & SI_W_SPORT) <-------
&&
(sp == is->is_dport || flags & SI_W_DPORT)) <-------
ret = 1;
} else {
ret = 1;
}
}
}
--------
>Wednesday, April 15, 2020 7:20 PM +09:00 from gnats-admin@netbsd.org:
>
>Thank you very much for your problem report.
>It has the internal identification `kern/55179'.
>The individual assigned to look at your
>report is: kern-bug-people.
>
>>Category: kern
>>Responsible: kern-bug-people
>>Synopsis: ipfilter ip_state.c's problem
>>Arrival-Date: Wed Apr 15 10:20:00 +0000 2020
--
Kouichi Hashikawa <hashikaw@mail.ru>
From: Christos Zoulas <christos@zoulas.com>
To: Kouichi Hashikawa <hashikaw@mail.ru>
Cc: gnats-bugs@netbsd.org,
kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/55179: ipfilter ip_state.c's problem
Date: Sat, 18 Apr 2020 13:03:47 -0400
--Apple-Mail=_E0EC186C-1253-4CDE-874B-32FE8B433C4D
Content-Type: multipart/alternative;
boundary="Apple-Mail=_206AB399-EB41-4E53-A2E5-B7F864DF6CE6"
--Apple-Mail=_206AB399-EB41-4E53-A2E5-B7F864DF6CE6
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
I think this is correct: sp, dp are in network byte order and so is:
% fgrep is_sport\ =3D *.c
ip_state.c: is->is_sport =3D htons(fin->fin_data[0]);
ip_state.c: is->is_sport =3D htons(fin->fin_data[0]);
ip_state.c: is->is_sport =3D sp;
ip_state.c: is->is_sport =3D dp;
I fixed the inconsistency the the tcp !=3D NULL case, but that's =
cosmetic.
christos
> On Apr 17, 2020, at 8:04 PM, Kouichi Hashikawa <hashikaw@mail.ru> =
wrote:
>=20
>=20
>=20
> Sorry, the reason I think this is a problem, comparing same value =
(is->is_sport or is->dport) to
>=20
> sp (htons) or dp (ntohs).
>=20
>=20
>=20
> --------
>=20
> if (tcp !=3D NULL) {
> sp =3D htons(fin->fin_sport);
> dp =3D ntohs(fin->fin_dport);
> }
>=20
> =E2=80=A6
>=20
> /*
> * Match addresses and ports.
> */
> if (rev =3D=3D 0) {
> if ((IP6_EQ(&is->is_dst, dst) || (flags & SI_W_DADDR)) =
&&
> (IP6_EQ(&is->is_src, src) || (flags & =
SI_W_SADDR))) {
>=20
> if (tcp) {
> if ((sp =3D=3D is->is_sport || flags & =
SI_W_SPORT) <-------
> &&
> (dp =3D=3D is->is_dport || flags & =
SI_W_DPORT)) <-------
> ret =3D 1;
>=20
> } else {
> ret =3D 1;
> }
> }
> } else {
> if ((IP6_EQ(&is->is_dst, src) || (flags & SI_W_DADDR)) =
&&
> (IP6_EQ(&is->is_src, dst) || (flags & =
SI_W_SADDR))) {
> if (tcp) {
> if ((dp =3D=3D is->is_sport || flags & =
SI_W_SPORT) <-------
> &&
> (sp =3D=3D is->is_dport || flags & =
SI_W_DPORT)) <-------
> ret =3D 1;
> } else {
> ret =3D 1;
> }
> }
> }
>=20
> --------
>=20
>=20
>=20
>=20
>=20
> Wednesday, April 15, 2020 7:20 PM +09:00 from gnats-admin@netbsd.org:
> Thank you very much for your problem report.
> It has the internal identification `kern/55179'.
> The individual assigned to look at your
> report is: kern-bug-people.
>=20
>=20
> >Category: kern
> >Responsible: kern-bug-people
> >Synopsis: ipfilter ip_state.c's problem
> >Arrival-Date: Wed Apr 15 10:20:00 +0000 2020
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> --
> Kouichi Hashikawa <hashikaw@mail.ru>
>=20
>=20
>=20
>=20
>=20
>=20
> <sanitizer.log>
--Apple-Mail=_206AB399-EB41-4E53-A2E5-B7F864DF6CE6
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;" class=3D"">I =
think this is correct: sp, dp are in network byte order and so is:<div =
class=3D"">% fgrep is_sport\ =3D *.c</div><div class=3D"">ip_state.c: =
is->is_sport =3D =
htons(fin->fin_data[0]);<div class=3D"">ip_state.c: =
is->is_sport =3D =
htons(fin->fin_data[0]);</div><div class=3D"">ip_state.c: =
=
is->is_sport =3D sp;</div><div =
class=3D"">ip_state.c: =
is->is_sport =3D =
dp;</div><div class=3D""><br class=3D""></div><div class=3D"">I fixed =
the inconsistency the the tcp !=3D NULL case, but that's =
cosmetic.</div><div class=3D""><br class=3D""></div><div =
class=3D"">christos</div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D"">On Apr 17, 2020, at 8:04 PM, Kouichi =
Hashikawa <<a href=3D"mailto:hashikaw@mail.ru" =
class=3D"">hashikaw@mail.ru</a>> wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D"">
<div class=3D""><p class=3D""><defanged_div =
class=3D""></defanged_div></p><p class=3D""><defanged_div =
class=3D""> </defanged_div></p><defanged_div class=3D""><p =
class=3D""><defanged_div class=3D"">Sorry, the reason I think this is a =
problem, comparing same value (is->is_sport or is->dport) =
to</defanged_div></p><defanged_div class=3D""><p class=3D""><defanged_div =
class=3D"">sp (htons) or dp (ntohs).</defanged_div></p><defanged_div =
class=3D""><p class=3D""><defanged_div =
class=3D""> </defanged_div></p><defanged_div class=3D""><p =
class=3D""><defanged_div =
class=3D"">--------</defanged_div></p><defanged_div class=3D""><p =
class=3D""><defanged_div class=3D""></defanged_div></p><p =
class=3D""><defanged_div =
class=3D""> if (tcp !=3D NULL) =
{<br =
class=3D""> &nb=
sp; sp =3D htons(fin->fin_sport);<br =
class=3D""> &nb=
sp; dp =3D ntohs(fin->fin_dport);<br =
class=3D""> =
}</defanged_div></p><defanged_div class=3D""><p class=3D""><defanged_div =
class=3D"">=E2=80=A6</defanged_div></p><defanged_div class=3D""><p =
class=3D""><defanged_div class=3D""></defanged_div></p><p =
class=3D""><defanged_div =
class=3D""> /*<br =
class=3D""> * Match =
addresses and ports.<br =
class=3D""> */<br =
class=3D""> if (rev =3D=3D 0) =
{<br =
class=3D""> &nb=
sp; if ((IP6_EQ(&is->is_dst, dst) || =
(flags & SI_W_DADDR)) &&<br =
class=3D""> &nb=
sp; =
(IP6_EQ(&is->is_src, src) || (flags & SI_W_SADDR))) =
{</defanged_div></p><defanged_div class=3D""><p class=3D""><defanged_div =
class=3D""></defanged_div></p><p class=3D""><defanged_div =
class=3D""> &nb=
sp;  =
; if (tcp) {<br =
class=3D""> &nb=
sp;  =
; if ((sp =3D=3D =
is->is_sport || flags & SI_W_SPORT) =
<-------<br =
class=3D""> &nb=
sp;  =
; =
&&<br =
class=3D""> &nb=
sp;  =
; =
(dp =3D=3D is->is_dport || flags & SI_W_DPORT)) =
<-------<br =
class=3D""> &nb=
sp;  =
; &=
nbsp; ret =3D 1;</defanged_div></p><defanged_div =
class=3D""><p class=3D""><defanged_div class=3D""></defanged_div></p><p =
class=3D""><defanged_div =
class=3D""> &nb=
sp;  =
; } else {<br =
class=3D""> &nb=
sp;  =
; ret =3D 1;<br =
class=3D""> &nb=
sp;  =
; }<br =
class=3D""> &nb=
sp; }<br =
class=3D""> } else {<br =
class=3D""> &nb=
sp; if ((IP6_EQ(&is->is_dst, src) || =
(flags & SI_W_DADDR)) &&<br =
class=3D""> &nb=
sp; =
(IP6_EQ(&is->is_src, dst) || (flags & SI_W_SADDR))) {<br =
class=3D""> &nb=
sp;  =
; if (tcp) {<br =
class=3D""> &nb=
sp;  =
; if ((dp =3D=3D =
is->is_sport || flags & SI_W_SPORT) =
<-------<br =
class=3D""> &nb=
sp;  =
; =
&&<br =
class=3D""> &nb=
sp;  =
; =
(sp =3D=3D is->is_dport || flags & SI_W_DPORT)) =
<-------<br =
class=3D""> &nb=
sp;  =
; &=
nbsp; ret =3D 1;<br =
class=3D""> &nb=
sp;  =
; } else {<br =
class=3D""> &nb=
sp;  =
; ret =3D 1;<br =
class=3D""> &nb=
sp;  =
; }<br =
class=3D""> &nb=
sp; }<br =
class=3D""> =
}</defanged_div></p><defanged_div class=3D""><p class=3D""><defanged_div =
class=3D""> --------</defanged_div></p><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><blockquote data-darkreader-inline-border-left=3D"" =
defanged_style=3D"border-left: 1px solid rgb(8, 87, 166); margin: 10px; =
padding: 0px 0px 0px 10px; --darkreader-inline-border-left:#0a6cce;" =
class=3D"">Wednesday, April 15, 2020 7:20 PM +09:00 from <a =
href=3D"mailto:gnats-admin@netbsd.org" =
class=3D"">gnats-admin@netbsd.org</a>:<br class=3D""><p =
class=3D""><defanged_div id=3D"" class=3D""></defanged_div></p><p =
class=3D""><defanged_div class=3D"js-helper =
js-readmsg-msg"><defanged_style type=3D"text/css" =
class=3D""></defanged_style><defanged_style class=3D"darkreader =
darkreader--sync" media=3D"screen" =
type=3D"text/css"></defanged_style></defanged_div></p><p =
class=3D""><defanged_div class=3D""></defanged_div></p><p =
class=3D""><defanged_div id=3D"style_15869460051008274250_BODY" =
class=3D"">Thank you very much for your problem report.<br class=3D"">It =
has the internal identification `kern/55179'.<br class=3D"">The =
individual assigned to look at your<br class=3D"">report is: =
kern-bug-people.<br class=3D""> </defanged_div></p><p =
class=3D""><defanged_div class=3D"mail-quote-collapse">>Category: =
kern<br class=3D"">>Responsible: kern-bug-people<br =
class=3D"">>Synopsis: ipfilter ip_state.c's problem<br =
class=3D"">>Arrival-Date: Wed Apr 15 10:20:00 <defanged_span =
class=3D"js-phone-number">+0000 =
2020</defanged_span></defanged_div></p><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""></defanged_div></defanged_div></defanged_div></defanged_div></d=
efanged_div></blockquote><p class=3D""><defanged_div =
class=3D""> </defanged_div></p><defanged_div class=3D""><p =
class=3D""><defanged_div data-signature-widget=3D"container" =
class=3D""></defanged_div></p><p class=3D""><defanged_div =
data-signature-widget=3D"content" class=3D""></defanged_div></p><p =
class=3D""><defanged_div class=3D"">--<br class=3D"">Kouichi Hashikawa =
<<a href=3D"mailto:hashikaw@mail.ru" =
class=3D"">hashikaw@mail.ru</a>></defanged_div></p><defanged_div =
class=3D""><div class=3D""><br =
class=3D"webkit-block-placeholder"></div><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""><p class=3D""><defanged_div =
class=3D""> </defanged_div></p><defanged_div class=3D""><div =
class=3D""><br class=3D"webkit-block-placeholder"></div><defanged_div =
class=3D""></defanged_div></defanged_div></defanged_div></defanged_div></d=
efanged_div></defanged_div></defanged_div></defanged_div></defanged_div></=
defanged_div></defanged_div></defanged_div></defanged_div></defanged_div><=
/defanged_div></defanged_div></defanged_div></defanged_div></defanged_div>=
</defanged_div></defanged_div></div>
<span =
id=3D"cid:05CE5A54-6742-4D5F-90FD-A5B537FA78BF@astron.com"><sanitizer.l=
og></span></div></blockquote></div><br class=3D""></div></body></html>=
--Apple-Mail=_206AB399-EB41-4E53-A2E5-B7F864DF6CE6--
--Apple-Mail=_E0EC186C-1253-4CDE-874B-32FE8B433C4D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCXpsy8wAKCRBxESqxbLM7
OsqFAJ9ufExhBibWE0rzTP9F2EDhT/BSNwCeIT6SUdjY9eCKYI/YfIMjuuyUExY=
=vfYB
-----END PGP SIGNATURE-----
--Apple-Mail=_E0EC186C-1253-4CDE-874B-32FE8B433C4D--
From: Kouichi Hashikawa <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/55179: ipfilter ip_state.c's problem
Date: Fri, 15 May 2020 06:28:36 +0900
Thank you.
Please close this PR.
And please pull-up to 9 branch.
--=20
Kouichi Hashikawa <hashikaw@mail.ru>
> 2020/04/19 2:05=E3=80=81Christos Zoulas <christos@zoulas.com>=E3=81=AE=E3=83=
=A1=E3=83=BC=E3=83=AB:
>=20
> =EF=BB=BFThe following reply was made to PR kern/55179; it has been noted b=
y GNATS.
>=20
> From: Christos Zoulas <christos@zoulas.com>
> To: Kouichi Hashikawa <hashikaw@mail.ru>
> Cc: gnats-bugs@netbsd.org,
> kern-bug-people@netbsd.org,
> gnats-admin@netbsd.org,
> netbsd-bugs@netbsd.org
> Subject: Re: kern/55179: ipfilter ip_state.c's problem
> Date: Sat, 18 Apr 2020 13:03:47 -0400
>=20
> --Apple-Mail=3D_E0EC186C-1253-4CDE-874B-32FE8B433C4D
> Content-Type: multipart/alternative;
> boundary=3D"Apple-Mail=3D_206AB399-EB41-4E53-A2E5-B7F864DF6CE6"
>=20
>=20
> --Apple-Mail=3D_206AB399-EB41-4E53-A2E5-B7F864DF6CE6
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain;
> charset=3Dutf-8
>=20
> I think this is correct: sp, dp are in network byte order and so is:
> % fgrep is_sport\ =3D3D *.c
> ip_state.c: is->is_sport =3D3D htons(fin->fin_data[0]);
> ip_state.c: is->is_sport =3D3D htons(fin->fin_data[0]);
> ip_state.c: is->is_sport =3D3D sp;
> ip_state.c: is->is_sport =3D3D dp;
>=20
> I fixed the inconsistency the the tcp !=3D3D NULL case, but that's =3D
> cosmetic.
>=20
> christos
>=20
>=20
>=20
>=20
>>> On Apr 17, 2020, at 8:04 PM, Kouichi Hashikawa <hashikaw@mail.ru> =3D
>> wrote:
>> =3D20
>> =3D20
>> =3D20
>> Sorry, the reason I think this is a problem, comparing same value =3D
> (is->is_sport or is->dport) to
>> =3D20
>> sp (htons) or dp (ntohs).
>> =3D20
>> =3D20
>> =3D20
>> --------
>> =3D20
>> if (tcp !=3D3D NULL) {
>> sp =3D3D htons(fin->fin_sport);
>> dp =3D3D ntohs(fin->fin_dport);
>> }
>> =3D20
>> =3DE2=3D80=3DA6
>> =3D20
>> /*
>> * Match addresses and ports.
>> */
>> if (rev =3D3D=3D3D 0) {
>> if ((IP6_EQ(&is->is_dst, dst) || (flags & SI_W_DADDR)) =3D=
> &&
>> (IP6_EQ(&is->is_src, src) || (flags & =3D
> SI_W_SADDR))) {
>> =3D20
>> if (tcp) {
>> if ((sp =3D3D=3D3D is->is_sport || flags &=
=3D
> SI_W_SPORT) <-------
>> &&
>> (dp =3D3D=3D3D is->is_dport || flags &=
=3D
> SI_W_DPORT)) <-------
>> ret =3D3D 1;
>> =3D20
>> } else {
>> ret =3D3D 1;
>> }
>> }
>> } else {
>> if ((IP6_EQ(&is->is_dst, src) || (flags & SI_W_DADDR)) =3D=
> &&
>> (IP6_EQ(&is->is_src, dst) || (flags & =3D
> SI_W_SADDR))) {
>> if (tcp) {
>> if ((dp =3D3D=3D3D is->is_sport || flags &=
=3D
> SI_W_SPORT) <-------
>> &&
>> (sp =3D3D=3D3D is->is_dport || flags &=
=3D
> SI_W_DPORT)) <-------
>> ret =3D3D 1;
>> } else {
>> ret =3D3D 1;
>> }
>> }
>> }
>> =3D20
>> --------
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> Wednesday, April 15, 2020 7:20 PM +09:00 from gnats-admin@netbsd.org:
>> Thank you very much for your problem report.
>> It has the internal identification `kern/55179'.
>> The individual assigned to look at your
>> report is: kern-bug-people.
>> =3D20
>> =3D20
>>> Category: kern
>>> Responsible: kern-bug-people
>>> Synopsis: ipfilter ip_state.c's problem
>>> Arrival-Date: Wed Apr 15 10:20:00 +0000 2020
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> --
>> Kouichi Hashikawa <hashikaw@mail.ru>
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> =3D20
>> <sanitizer.log>
>=20
>=20
> --Apple-Mail=3D_206AB399-EB41-4E53-A2E5-B7F864DF6CE6
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/html;
> charset=3Dutf-8
>=20
> <html><head><meta http-equiv=3D3D"Content-Type" content=3D3D"text/html; =3D=
> charset=3D3Dutf-8"></head><body style=3D3D"word-wrap: break-word; =3D
> -webkit-nbsp-mode: space; line-break: after-white-space;" class=3D3D"">I =3D=
> think this is correct: sp, dp are in network byte order and so is:<div =3D=
> class=3D3D"">% fgrep is_sport\ =3D3D *.c</div><div class=3D3D"">ip_state.c=
: =3D
> is->is_sport =3D3D =3D
> htons(fin->fin_data[0]);<div class=3D3D"">ip_state.c: =3D=
> is->is_sport =3D3D =3D
> htons(fin->fin_data[0]);</div><div class=3D3D"">ip_state.c: =3D
> =3D
> is->is_sport =3D3D sp;</div><div =3D
> class=3D3D"">ip_state.c: =3D=
> is->is_sport =3D3D =3D=
> dp;</div><div class=3D3D""><br class=3D3D""></div><div class=3D3D"">I fixe=
d =3D
> the inconsistency the the tcp !=3D3D NULL case, but that's =3D
> cosmetic.</div><div class=3D3D""><br class=3D3D""></div><div =3D
> class=3D3D"">christos</div><div class=3D3D""><br class=3D3D""></div><div =3D=
> class=3D3D""><br class=3D3D""></div><div class=3D3D""><br =3D
> class=3D3D""></div><div><br class=3D3D""><blockquote type=3D3D"cite" =3D
> class=3D3D""><div class=3D3D"">On Apr 17, 2020, at 8:04 PM, Kouichi =3D
> Hashikawa <<a href=3D3D"mailto:hashikaw@mail.ru" =3D
> class=3D3D"">hashikaw@mail.ru</a>> wrote:</div><br =3D
> class=3D3D"Apple-interchange-newline"><div class=3D3D"">
> <div class=3D3D""><p class=3D3D""><defanged_div =3D
> class=3D3D""></defanged_div></p><p class=3D3D""><defanged_div =3D
> class=3D3D""> </defanged_div></p><defanged_div class=3D3D""><p =3D
> class=3D3D""><defanged_div class=3D3D"">Sorry, the reason I think this is a=
=3D
> problem, comparing same value (is->is_sport or is->dport) =3D
> to</defanged_div></p><defanged_div class=3D3D""><p class=3D3D""><defanged_=
div =3D
> class=3D3D"">sp (htons) or dp (ntohs).</defanged_div></p><defanged_div =3D=
> class=3D3D""><p class=3D3D""><defanged_div =3D
> class=3D3D""> </defanged_div></p><defanged_div class=3D3D""><p =3D
> class=3D3D""><defanged_div =3D
> class=3D3D"">--------</defanged_div></p><defanged_div class=3D3D""><p =3D
> class=3D3D""><defanged_div class=3D3D""></defanged_div></p><p =3D
> class=3D3D""><defanged_div =3D
> class=3D3D""> if (tcp !=3D3D NUL=
L) =3D
> {<br =3D
> class=3D3D""> &=
nb=3D
> sp; sp =3D3D htons(fin->fin_sport);<br =3D
> class=3D3D""> &=
nb=3D
> sp; dp =3D3D ntohs(fin->fin_dport);<br =3D
> class=3D3D""> =3D
> }</defanged_div></p><defanged_div class=3D3D""><p class=3D3D""><defanged_d=
iv =3D
> class=3D3D"">=3DE2=3D80=3DA6</defanged_div></p><defanged_div class=3D3D"">=
<p =3D
> class=3D3D""><defanged_div class=3D3D""></defanged_div></p><p =3D
> class=3D3D""><defanged_div =3D
> class=3D3D""> /*<br =3D
> class=3D3D""> * Match =3D
> addresses and ports.<br =3D
> class=3D3D""> */<br =3D
> class=3D3D""> if (rev =3D3D=3D3D=
0) =3D
> {<br =3D
> class=3D3D""> &=
nb=3D
> sp; if ((IP6_EQ(&is->is_dst, dst) || =3D
> (flags & SI_W_DADDR)) &&<br =3D
> class=3D3D""> &=
nb=3D
> sp; =3D
> (IP6_EQ(&is->is_src, src) || (flags & SI_W_SADDR))) =3D
> {</defanged_div></p><defanged_div class=3D3D""><p class=3D3D""><defanged_d=
iv =3D
> class=3D3D""></defanged_div></p><p class=3D3D""><defanged_div =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; if (tcp) {<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; if ((sp =3D3D=3D3D =3D
> is->is_sport || flags & SI_W_SPORT) =3D
> <-------<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; =3D=
> &&<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; =3D=
> (dp =3D3D=3D3D is->is_dport || flags & SI_W_DPORT)) =3D=
> <-------<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; &=
=3D
> nbsp; ret =3D3D 1;</defanged_div></p><defanged_div =3D
> class=3D3D""><p class=3D3D""><defanged_div class=3D3D""></defanged_div></p=
><p =3D
> class=3D3D""><defanged_div =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; } else {<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; ret =3D3D 1;<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; }<br =3D
> class=3D3D""> &=
nb=3D
> sp; }<br =3D
> class=3D3D""> } else {<br =3D
> class=3D3D""> &=
nb=3D
> sp; if ((IP6_EQ(&is->is_dst, src) || =3D
> (flags & SI_W_DADDR)) &&<br =3D
> class=3D3D""> &=
nb=3D
> sp; =3D
> (IP6_EQ(&is->is_src, dst) || (flags & SI_W_SADDR))) {<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; if (tcp) {<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; if ((dp =3D3D=3D3D =3D
> is->is_sport || flags & SI_W_SPORT) =3D=
> <-------<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; =3D=
> &&<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; =3D=
> (sp =3D3D=3D3D is->is_dport || flags & SI_W_DPORT)) =3D=
> <-------<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; &=
=3D
> nbsp; ret =3D3D 1;<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; } else {<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; ret =3D3D 1;<br =3D
> class=3D3D""> &=
nb=3D
> sp;  =
=3D
> ; }<br =3D
> class=3D3D""> &=
nb=3D
> sp; }<br =3D
> class=3D3D""> =3D
> }</defanged_div></p><defanged_div class=3D3D""><p class=3D3D""><defanged_d=
iv =3D
> class=3D3D""> --------</defanged_div></p><defanged_div class=3D3D""><=
div =3D
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""><div class=3D3D""><br =3D
> class=3D3D"webkit-block-placeholder"></div><defanged_div class=3D3D""><div=
=3D
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""><div class=3D3D""><br =3D
> class=3D3D"webkit-block-placeholder"></div><defanged_div =3D
> class=3D3D""><blockquote data-darkreader-inline-border-left=3D3D"" =3D
> defanged_style=3D3D"border-left: 1px solid rgb(8, 87, 166); margin: 10px; =3D=
> padding: 0px 0px 0px 10px; --darkreader-inline-border-left:#0a6cce;" =3D
> class=3D3D"">Wednesday, April 15, 2020 7:20 PM +09:00 from <a =3D
> href=3D3D"mailto:gnats-admin@netbsd.org" =3D
> class=3D3D"">gnats-admin@netbsd.org</a>:<br class=3D3D""><p =3D
> class=3D3D""><defanged_div id=3D3D"" class=3D3D""></defanged_div></p><p =3D=
> class=3D3D""><defanged_div class=3D3D"js-helper =3D
> js-readmsg-msg"><defanged_style type=3D3D"text/css" =3D
> class=3D3D""></defanged_style><defanged_style class=3D3D"darkreader =3D
> darkreader--sync" media=3D3D"screen" =3D
> type=3D3D"text/css"></defanged_style></defanged_div></p><p =3D
> class=3D3D""><defanged_div class=3D3D""></defanged_div></p><p =3D
> class=3D3D""><defanged_div id=3D3D"style_15869460051008274250_BODY" =3D
> class=3D3D"">Thank you very much for your problem report.<br class=3D3D"">=
It =3D
> has the internal identification `kern/55179'.<br class=3D3D"">The =3D
> individual assigned to look at your<br class=3D3D"">report is: =3D
> kern-bug-people.<br class=3D3D""> </defanged_div></p><p =3D
> class=3D3D""><defanged_div class=3D3D"mail-quote-collapse">>Category: =3D=
> kern<br class=3D3D"">>Responsible: kern-bug-people<br =3D
> class=3D3D"">>Synopsis: ipfilter ip_state.c's problem<br =3D
> class=3D3D"">>Arrival-Date: Wed Apr 15 10:20:00 <defanged_span =3D
> class=3D3D"js-phone-number">+0000 =3D
> 2020</defanged_span></defanged_div></p><defanged_div class=3D3D""><div =3D=
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""><div class=3D3D""><br =3D
> class=3D3D"webkit-block-placeholder"></div><defanged_div class=3D3D""><div=
=3D
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""><div class=3D3D""><br =3D
> class=3D3D"webkit-block-placeholder"></div><defanged_div =3D
> class=3D3D""></defanged_div></defanged_div></defanged_div></defanged_div><=
/d=3D
> efanged_div></blockquote><p class=3D3D""><defanged_div =3D
> class=3D3D""> </defanged_div></p><defanged_div class=3D3D""><p =3D
> class=3D3D""><defanged_div data-signature-widget=3D3D"container" =3D
> class=3D3D""></defanged_div></p><p class=3D3D""><defanged_div =3D
> data-signature-widget=3D3D"content" class=3D3D""></defanged_div></p><p =3D=
> class=3D3D""><defanged_div class=3D3D"">--<br class=3D3D"">Kouichi Hashika=
wa =3D
> <<a href=3D3D"mailto:hashikaw@mail.ru" =3D
> class=3D3D"">hashikaw@mail.ru</a>></defanged_div></p><defanged_div =3D
> class=3D3D""><div class=3D3D""><br =3D
> class=3D3D"webkit-block-placeholder"></div><defanged_div class=3D3D""><div=
=3D
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""><p class=3D3D""><defanged_div =3D
> class=3D3D""> </defanged_div></p><defanged_div class=3D3D""><div =3D
> class=3D3D""><br class=3D3D"webkit-block-placeholder"></div><defanged_div =3D=
> class=3D3D""></defanged_div></defanged_div></defanged_div></defanged_div><=
/d=3D
> efanged_div></defanged_div></defanged_div></defanged_div></defanged_div></=
=3D
> defanged_div></defanged_div></defanged_div></defanged_div></defanged_div><=
=3D
> /defanged_div></defanged_div></defanged_div></defanged_div></defanged_div>=
=3D
> </defanged_div></defanged_div></div>
> <span =3D
> id=3D3D"cid:05CE5A54-6742-4D5F-90FD-A5B537FA78BF@astron.com"><sanitizer=
.l=3D
> og></span></div></blockquote></div><br class=3D3D""></div></body></html=
>=3D
>=20
> --Apple-Mail=3D_206AB399-EB41-4E53-A2E5-B7F864DF6CE6--
>=20
> --Apple-Mail=3D_E0EC186C-1253-4CDE-874B-32FE8B433C4D
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
> filename=3Dsignature.asc
> Content-Type: application/pgp-signature;
> name=3Dsignature.asc
> Content-Description: Message signed with OpenPGP
>=20
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
>=20
> iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCXpsy8wAKCRBxESqxbLM7
> OsqFAJ9ufExhBibWE0rzTP9F2EDhT/BSNwCeIT6SUdjY9eCKYI/YfIMjuuyUExY=3D
> =3DvfYB
> -----END PGP SIGNATURE-----
>=20
> --Apple-Mail=3D_E0EC186C-1253-4CDE-874B-32FE8B433C4D--
>=20
From: Kouichi Hashikawa <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc: christos@netbsd.org
Subject: Re: kern/55179: ipfilter ip_state.c's problem
Date: Sat, 27 Feb 2021 23:05:46 +0900
> I fixed the inconsistency the the tcp != NULL case, but that's cosmetic.
>
Thank you applying patch.
Please pull-up to netbsd-9 branch, and close the problem.
--
Kouichi Hashikawa
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.