From 6d3c367d9c7a82ba68f0d51aed4b61ba2c973e57 Mon Sep 17 00:00:00 2001 From: Marius Strobl Date: Wed, 28 Dec 2016 23:34:28 +0000 Subject: [PATCH] Fix a bug in r272840; given that the optlen parameter of setsockopt(2) is a 32-bit socklen_t, do_get3() passes the kernel to access the wrong 32-bit half on big-endian LP64 machines when simply casting the 64-bit size_t optlen to a socklen_t pointer. While at it and given that the intention of do_get3() apparently is to hide/wrap the fact that socket options are used for communication with ipfw(4), change the optlen parameter of do_set3() to be of type size_t and as such more appropriate than uintptr_t, too. MFC after: 3 days --- sbin/ipfw/ipfw2.c | 8 +++++--- sbin/ipfw/ipfw2.h | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/sbin/ipfw/ipfw2.c b/sbin/ipfw/ipfw2.c index 9d040e614d7..7a8519a3dfe 100644 --- a/sbin/ipfw/ipfw2.c +++ b/sbin/ipfw/ipfw2.c @@ -591,7 +591,7 @@ do_cmd(int optname, void *optval, uintptr_t optlen) * Returns 0 on success or errno otherwise. */ int -do_set3(int optname, ip_fw3_opheader *op3, uintptr_t optlen) +do_set3(int optname, ip_fw3_opheader *op3, size_t optlen) { if (co.test_only) @@ -621,6 +621,7 @@ int do_get3(int optname, ip_fw3_opheader *op3, size_t *optlen) { int error; + socklen_t len; if (co.test_only) return (0); @@ -632,8 +633,9 @@ do_get3(int optname, ip_fw3_opheader *op3, size_t *optlen) op3->opcode = optname; - error = getsockopt(ipfw_socket, IPPROTO_IP, IP_FW3, op3, - (socklen_t *)optlen); + len = *optlen; + error = getsockopt(ipfw_socket, IPPROTO_IP, IP_FW3, op3, &len); + *optlen = len; return (error); } diff --git a/sbin/ipfw/ipfw2.h b/sbin/ipfw/ipfw2.h index efcdde9c422..0b63e3ba429 100644 --- a/sbin/ipfw/ipfw2.h +++ b/sbin/ipfw/ipfw2.h @@ -329,7 +329,7 @@ void print_flags_buffer(char *buf, size_t sz, struct _s_x *list, uint32_t set); struct _ip_fw3_opheader; int do_cmd(int optname, void *optval, uintptr_t optlen); -int do_set3(int optname, struct _ip_fw3_opheader *op3, uintptr_t optlen); +int do_set3(int optname, struct _ip_fw3_opheader *op3, size_t optlen); int do_get3(int optname, struct _ip_fw3_opheader *op3, size_t *optlen); struct in6_addr;