CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
author Cy Schubert <cy@FreeBSD.org>
Tue, 9 Jan 2018 06:43:58 +0000 (06:43 +0000)
committer Cy Schubert <cy@FreeBSD.org>
Tue, 9 Jan 2018 06:43:58 +0000 (06:43 +0000)
commit bdb0c28072cc57c6afb0db5fa07c2af3ba5316fa
tree a11a0d906a81042190fa1f2a760e88749f575116
parent 4b42739b37b32e9932839ae261ba932726d09f10
When growing the state, also grow the seed array. Otherwise memory
that was not allocated will be accessed.

This necessitated refactoring state seed allocation from
ipf_state_soft_init() into a new common ipf_state_seed_alloc() function
as it is now also used by ipf_state_rehash() when changing the size of
the state hash table in addition to by ipf_state_soft_init() during
initialization.

According to Christos Zoulas <christos@NetBSD.org>:

The bug was encountered by a NetBSD vendor whose customer machines had
large ipfilter states. The bug was reliably triggered by resizing the
state variables using "ipf -T".

Submitted by: Christos Zoulas <christos@NetBSD.org>
Reviewed by: delphij, rgrimes
Obtained from: NetBSD ip_state.c CVS revs r1.9 and r1.10
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D13755
sys/contrib/ipfilter/netinet/ip_state.c
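
The bug class named in the commit message, as an added example that is not the FreeBSD or NetBSD code: a simplified model in which a resize grows the bucket array but leaves the seed array at its old length, next to a resize that replaces both. All names (`state_tbl`, `seed_alloc`, `tbl_resize`, `tbl_resize_table_only`, `tbl_unbacked`) and the assumption that the seed array is indexed by bucket number are hypothetical; the code only counts the indexes that have no seed entry and never reads past the array.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, hypothetical names, not ipfilter code. Assumption: seed[]
 * is indexed by bucket number, so it must have at least `size` entries. */
struct state_tbl {
    void **buckets;
    unsigned int *seed;
    size_t size, seed_len;  /* bucket count; entries allocated for seed[] */
};

/* Seed allocator shared by init and resize (constructed filler, not random). */
static unsigned int *seed_alloc(size_t n) {
    unsigned int *s = calloc(n, sizeof(*s));
    for (size_t i = 0; s != NULL && i < n; i++)
        s[i] = (unsigned int)i * 2654435761u + 1u;
    return s;
}

/* Paired resize: allocate both arrays, commit only if both succeeded. */
static int tbl_resize(struct state_tbl *t, size_t n) {
    void **nb = calloc(n, sizeof(*nb));
    unsigned int *ns = seed_alloc(n);
    if (nb == NULL || ns == NULL) { free(nb); free(ns); return -1; }
    free(t->buckets); free(t->seed);
    t->buckets = nb; t->seed = ns;
    t->size = t->seed_len = n;
    return 0;
}

/* Defect pattern: only the bucket array follows the new size. */
static int tbl_resize_table_only(struct state_tbl *t, size_t n) {
    void **nb = calloc(n, sizeof(*nb));
    if (nb == NULL) return -1;
    free(t->buckets); t->buckets = nb;
    t->size = n;            /* seed[] keeps its old length */
    return 0;
}

/* Bucket indexes with no seed entry behind them (0 means consistent). */
static size_t tbl_unbacked(const struct state_tbl *t) {
    return t->size > t->seed_len ? t->size - t->seed_len : 0;
}

int main(void) {
    struct state_tbl t = {0};
    if (tbl_resize(&t, 8) || tbl_resize_table_only(&t, 32)) return 1;
    size_t bad = tbl_unbacked(&t);      /* taken before the paired resize */
    if (tbl_resize(&t, 32)) return 1;
    printf("unbacked: table-only %zu, paired %zu\n", bad, tbl_unbacked(&t));
    free(t.buckets); free(t.seed);
    return 0;
}
```

A check like `tbl_unbacked()` can serve as a debug assertion after any operation that changes the table size.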