summaryrefslogtreecommitdiff
path: root/sys/net
diff options
context:
space:
mode:
authorDavid Gwynne <dlg@cvs.openbsd.org>2009-06-10 00:03:56 +0000
committerDavid Gwynne <dlg@cvs.openbsd.org>2009-06-10 00:03:56 +0000
commit19c5da633829eca27eb250512b0dd33a5e9a3de2 (patch)
treefcd73234afd908b64a52e52b8c8276b96c750ff0 /sys/net
parent17ce14df1013fdd4a80a2bdc367ae8a2aacfc60c (diff)
jj reported a panic in bulk updates to me. this is my attempt to fix the
most obvious problem. if the state table is empty, we'd deref a null pointer. tested on my firewalls with big state tables, so existing use cases still work.
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/if_pfsync.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/sys/net/if_pfsync.c b/sys/net/if_pfsync.c
index b63691f0ed1..1f2ed6fdc1f 100644
--- a/sys/net/if_pfsync.c
+++ b/sys/net/if_pfsync.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: if_pfsync.c,v 1.123 2009/05/13 01:09:05 dlg Exp $ */
+/* $OpenBSD: if_pfsync.c,v 1.124 2009/06/10 00:03:55 dlg Exp $ */
/*
* Copyright (c) 2002 Michael Shalayeff
@@ -2218,19 +2218,22 @@ pfsync_bulk_start(void)
printf("pfsync: received bulk update request\n");
pfsync_bulk_status(PFSYNC_BUS_START);
- pfsync_bulk_update(sc);
+ timeout_add(&sc->sc_bulk_tmo, 0);
}
void
pfsync_bulk_update(void *arg)
{
struct pfsync_softc *sc = arg;
- struct pf_state *st = sc->sc_bulk_next;
+ struct pf_state *st;
int i = 0;
int s;
s = splsoftnet();
- do {
+
+ st = sc->sc_bulk_next;
+
+ while (st != sc->sc_bulk_last) {
if (st->sync_state == PFSYNC_S_NONE &&
st->timeout < PFTM_MAX &&
st->pfsync_time <= sc->sc_ureq_received) {
@@ -2247,7 +2250,7 @@ pfsync_bulk_update(void *arg)
timeout_add(&sc->sc_bulk_tmo, 1);
goto out;
}
- } while (st != sc->sc_bulk_last);
+ }
/* we're done */
sc->sc_bulk_next = NULL;