NetBSD Problem Report #54670

From www@netbsd.org  Fri Nov  1 13:12:42 2019
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id A964F7A161
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  1 Nov 2019 13:12:42 +0000 (UTC)
Message-Id: <20191101131241.CCAF57A25C@mollari.NetBSD.org>
Date: Fri,  1 Nov 2019 13:12:41 +0000 (UTC)
From: lfo@ceres.ne.jp
Reply-To: lfo@ceres.ne.jp
To: gnats-bugs@NetBSD.org
Subject: npfctl: bugs related tcp flags
X-Send-Pr-Version: www-1.0

>Number:         54670
>Category:       bin
>Synopsis:       npfctl: bugs related tcp flags
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Nov 01 13:15:00 +0000 2019
>Closed-Date:    Mon May 25 17:36:59 +0000 2020
>Last-Modified:  Mon May 25 17:36:59 +0000 2020
>Originator:     Azuma OKAMOTO
>Release:        6, 7, 8, 9, current
>Organization:
>Environment:
NetBSD gw.home.ceres.ne.jp 9.0_BETA NetBSD 9.0_BETA (GENERIC) #6: Wed Sep 11 21:59:29 JST 2019  root@gw.home.ceres.ne.jp:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
There is no problem in practical use.

1. Ambiguous whether the letter corresponding to tcp flag TH_CWR is 'W' or 'C'

In npf.conf, letter 'W' is interpreted as TH_CWR.

src/usr.sbin/npf/npfctl/npf_data.c
npfctl_parse_tcpflag()
> case 'W': tfl |= TH_CWR; break;

But 'npfctl show' shows it as 'C'.

src/usr.sbin/npf/npfctl/npf_show.c
tcpflags2string()
> if (tfl & TH_CWR)       buf[i++] = 'C';


2. Buffer shortage

The buffer for tcpflags is allocated 16 bytes.
src/usr.sbin/npf/npfctl/npf_show.c
print_tcpflags()
> char buf[16];

But it may use 17 bytes in the following cases:

FSRPAUE/FSRPAUEW (and trailing \0)
>How-To-Repeat:
Add a rule including 'flags FSRPAUE/FSRPAUEW' in /etc/npf.conf.
Run 'npfctl show'.

(A 1-byte overrun alone does not always cause a segmentation fault.)
>Fix:

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/54670 CVS commit: src/usr.sbin/npf/npfctl
Date: Fri, 1 Nov 2019 09:58:32 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Fri Nov  1 13:58:32 UTC 2019

 Modified Files:
 	src/usr.sbin/npf/npfctl: npf_show.c

 Log Message:
 PR/54670: Azuma OKAMOTO: Consistently use 'W' for TH_CWN, and bump buffer
 size.


 To generate a diff of this commit:
 cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/npf/npfctl/npf_show.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 21 Apr 2020 17:26:59 +0000
State-Changed-Why:
Does this fix (to -current) resolve your issue?


From: Azuma OKAMOTO <lfo@ceres.ne.jp>
To: gnats-bugs@netbsd.org, maya@NetBSD.org
Cc: 
Subject: Re: bin/54670 (npfctl: bugs related tcp flags)
Date: Thu, 23 Apr 2020 12:11:35 +0900

  > cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/npf/npfctl/npf_show.c

 It works well. Thanks.

 On 2020/04/22 2:26, maya@NetBSD.org wrote:
 > Synopsis: npfctl: bugs related tcp flags
 > 
 > State-Changed-From-To: open->feedback
 > State-Changed-By: maya@NetBSD.org
 > State-Changed-When: Tue, 21 Apr 2020 17:26:59 +0000
 > State-Changed-Why:
 > Does this fix (to -current) resolve your issue?
 > 
 > 
 > 

State-Changed-From-To: feedback->needs-pullups
State-Changed-By: maya@NetBSD.org
State-Changed-When: Thu, 23 Apr 2020 14:42:02 +0000
State-Changed-Why:
Add to todo pile


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/54670 CVS commit: [netbsd-9] src/usr.sbin/npf/npfctl
Date: Mon, 25 May 2020 17:27:19 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Mon May 25 17:27:19 UTC 2020

 Modified Files:
 	src/usr.sbin/npf/npfctl [netbsd-9]: npf_show.c

 Log Message:
 Pull up following revision(s) (requested by rmind in ticket #931):

 	usr.sbin/npf/npfctl/npf_show.c: revision 1.30

 PR/54670: Azuma OKAMOTO: Consistently use 'W' for TH_CWN, and bump buffer
 size.


 To generate a diff of this commit:
 cvs rdiff -u -r1.28.2.2 -r1.28.2.3 src/usr.sbin/npf/npfctl/npf_show.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: needs-pullups->closed
State-Changed-By: rmind@NetBSD.org
State-Changed-When: Mon, 25 May 2020 17:36:59 +0000
State-Changed-Why:
Fixed.


>Unformatted:
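
Added example, not part of the PR and not the npfctl source: a table-driven sketch of the two points reported above, using one letter table for both parsing and printing and a buffer sized from that table. It goes beyond the reported 17-byte case by sizing for the worst case "FSRPAUEW/FSRPAUEW". The names flagtab, parse_flags, show_flags and TCPFLAGS_BUFSZ are hypothetical; the bit values are the standard TCP header flag bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One table for parser and printer (hypothetical names); letters per the PR. */
static const struct { char letter; uint8_t bit; } flagtab[] = {
    {'F', 0x01}, {'S', 0x02}, {'R', 0x04}, {'P', 0x08},
    {'A', 0x10}, {'U', 0x20}, {'E', 0x40}, {'W', 0x80},
};
#define NFLAGS (sizeof(flagtab) / sizeof(flagtab[0]))
#define TCPFLAGS_BUFSZ (2 * NFLAGS + 2) /* "FSRPAUEW/FSRPAUEW" + NUL = 18 */

/* Parse flag letters into a bitmask; returns -1 on an unknown letter. */
static int parse_flags(const char *s, uint8_t *out)
{
    for (*out = 0; *s != '\0'; s++) {
        size_t j = 0;
        while (j < NFLAGS && flagtab[j].letter != *s)
            j++;
        if (j == NFLAGS)
            return -1;
        *out |= flagtab[j].bit;
    }
    return 0;
}

/* Format "flags/mask" into buf; returns length, or -1 if it does not fit. */
static int show_flags(char *buf, size_t len, uint8_t fl, uint8_t mask)
{
    char tmp[TCPFLAGS_BUFSZ];   /* worst case always fits here */
    size_t off = 0;
    for (size_t j = 0; j < NFLAGS; j++)
        if (fl & flagtab[j].bit)
            tmp[off++] = flagtab[j].letter;
    tmp[off++] = '/';
    for (size_t j = 0; j < NFLAGS; j++)
        if (mask & flagtab[j].bit)
            tmp[off++] = flagtab[j].letter;
    tmp[off] = '\0';
    if (off + 1 > len)          /* caller's buffer cannot hold text + NUL */
        return -1;
    memcpy(buf, tmp, off + 1);
    return (int)off;
}

int main(void)
{
    char buf[TCPFLAGS_BUFSZ];
    return show_flags(buf, sizeof(buf), 0x7f, 0xff) == 16 && puts(buf) >= 0 ? 0 : 1;
}
```

With a 16-byte caller buffer, the rule from How-To-Repeat is rejected with -1 instead of writing a 17th byte.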
