diff options
author | Sebastian Benoit <benno@cvs.openbsd.org> | 2013-04-27 16:39:31 +0000 |
---|---|---|
committer | Sebastian Benoit <benno@cvs.openbsd.org> | 2013-04-27 16:39:31 +0000 |
commit | 2ede15cd56c58c354b4214916f8643dcc7405319 (patch) | |
tree | cd94c638ee5351aa0dbfd190f693e1df5d8581f4 /usr.sbin/relayd | |
parent | 0102d4c98e115230a27f56786e74fd0a9b3586f1 (diff) |
time_t 64bit fixes for relayd and relayctl:
- fix statistics
- set INT_MAX limit on session timeouts
- make sure we dont use to large session timeouts in pf redirects and
openssl
tested with old and new time_t
ok florian@
Diffstat (limited to 'usr.sbin/relayd')
-rw-r--r-- | usr.sbin/relayd/parse.y | 14 | ||||
-rw-r--r-- | usr.sbin/relayd/pfe_filter.c | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 4 |
4 files changed, 19 insertions, 9 deletions
diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index 4e709790b7d..7735d99409b 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.169 2013/03/04 08:41:32 sthen Exp $ */ +/* $OpenBSD: parse.y,v 1.170 2013/04/27 16:39:30 benno Exp $ */ /* * Copyright (c) 2007-2011 Reyk Floeter <reyk@openbsd.org> @@ -532,7 +532,11 @@ rdroptsl : forwardmode TO tablespec interface { } | SESSION TIMEOUT NUMBER { if ((rdr->conf.timeout.tv_sec = $3) < 0) { - yyerror("invalid timeout: %d", $3); + yyerror("invalid timeout: %lld", $3); + YYERROR; + } + if (rdr->conf.timeout.tv_sec > INT_MAX) { + yyerror("timeout too large: %lld", $3); YYERROR; } } @@ -1367,7 +1371,11 @@ relayoptsl : LISTEN ON STRING port optssl { } | SESSION TIMEOUT NUMBER { if ((rlay->rl_conf.timeout.tv_sec = $3) < 0) { - yyerror("invalid timeout: %d", $3); + yyerror("invalid timeout: %lld", $3); + YYERROR; + } + if (rlay->rl_conf.timeout.tv_sec > INT_MAX) { + yyerror("timeout too large: %lld", $3); YYERROR; } } diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c index 1bdc302f22d..1bc11f38e4e 100644 --- a/usr.sbin/relayd/pfe_filter.c +++ b/usr.sbin/relayd/pfe_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.52 2012/10/19 16:49:50 reyk Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.53 2013/04/27 16:39:30 benno Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -443,7 +443,7 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) if (rio.rule.proto == IPPROTO_TCP) rio.rule.timeout[PFTM_TCP_ESTABLISHED] = - rdr->conf.timeout.tv_sec; + (u_int32_t)MIN(rdr->conf.timeout.tv_sec, INT_MAX); if (strlen(rdr->conf.tag)) (void)strlcpy(rio.rule.tagname, rdr->conf.tag, diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index a55db691cde..3f0cc4e9b6d 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.132 2012/11/29 01:01:53 bluhm Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.133 2013/04/27 16:39:30 benno Exp $ .\" .\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org> .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 29 2012 $ +.Dd $Mdocdate: April 27 2013 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -501,6 +501,7 @@ interface on the host with this address. .It Ic session timeout Ar seconds Specify the inactivity timeout in seconds for established redirections. The default timeout is 600 seconds (10 minutes). +The maximum is 2147483647 seconds (68 years). .It Ic sticky-address This has the same effect as specifying sticky-address for an rdr-to rule in @@ -677,6 +678,7 @@ section below. .It Ic session timeout Ar seconds Specify the inactivity timeout in seconds for accepted sessions. The default timeout is 600 seconds (10 minutes). +The maximum is 2147483647 seconds (68 years). .El .Sh PROTOCOLS Protocols are templates defining actions and settings for relays. diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index e9c7f98003b..85934cb1b2e 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.167 2013/03/10 23:32:53 reyk Exp $ */ +/* $OpenBSD: relayd.h,v 1.168 2013/04/27 16:39:30 benno Exp $ */ /* * Copyright (c) 2006 - 2012 Reyk Floeter <reyk@openbsd.org> @@ -230,7 +230,7 @@ struct ctl_stats { objid_t id; int proc; - u_int interval; + u_int64_t interval; u_int64_t cnt; u_int32_t tick; u_int32_t avg; |