d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Do not leak read lock in IP_FW_TABLE_GETSIZE case of ipfw_ctl().

Browse Source 
- Acquire read (not write) lock in case of IP_FW_TABLE_LIST.

In collaboration with:	ru
This commit is contained in:
glebius 2006-03-03 12:10:59 +00:00
parent 9665ebce69
commit 3c6ea150e2
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/netinet/ip_fw2.c
View File

@ -1847,8 +1847,6 @@ dump_table(struct ip_fw_chain *ch, ipfw_table *tbl)
{
struct radix_node_head *rnh;
IPFW_WLOCK_ASSERT(ch);
if (tbl->tbl >= IPFW_TABLES_MAX)
return (EINVAL);
rnh = ch->tables[tbl->tbl];
@ -3988,9 +3986,10 @@ ipfw_ctl(struct sockopt *sopt)
sizeof(tbl))))
break;
IPFW_RLOCK(&layer3_chain);
if ((error = count_table(&layer3_chain, tbl, &cnt)))
break;
error = count_table(&layer3_chain, tbl, &cnt);
IPFW_RUNLOCK(&layer3_chain);
if (error)
break;
error = sooptcopyout(sopt, &cnt, sizeof(cnt));
}
break;
@ -4016,14 +4015,13 @@ ipfw_ctl(struct sockopt *sopt)
}
tbl->size = (size - sizeof(*tbl)) /
sizeof(ipfw_table_entry);
IPFW_WLOCK(&layer3_chain);
IPFW_RLOCK(&layer3_chain);
error = dump_table(&layer3_chain, tbl);
IPFW_RUNLOCK(&layer3_chain);
if (error) {
IPFW_WUNLOCK(&layer3_chain);
free(tbl, M_TEMP);
break;
}
IPFW_WUNLOCK(&layer3_chain);
error = sooptcopyout(sopt, tbl, size);
free(tbl, M_TEMP);
}