svn commit: r193896 - head/sys/netinet/ipfw

Wed, 10 Jun 2009 04:14:51 -0700 

Author: luigi
Date: Wed Jun 10 10:47:31 2009
New Revision: 193896
URL: http://svn.freebsd.org/changeset/base/193896

Log:
  in ip_dn_ctl(), do not allocate a large structure on the stack,
  and use malloc() instead if/when it is necessary.
  
  The problem is less relevant in previous versions because
  the variable involved (tmp_pipe) is much smaller there.
  Still worth fixing though.
  
  Submitted by: Marta Carbone (GSOC)
  MFC after:    3 days

Modified:
  head/sys/netinet/ipfw/ip_dummynet.c

Modified: head/sys/netinet/ipfw/ip_dummynet.c
==============================================================================
--- head/sys/netinet/ipfw/ip_dummynet.c Wed Jun 10 10:39:41 2009        
(r193895)
+++ head/sys/netinet/ipfw/ip_dummynet.c Wed Jun 10 10:47:31 2009        
(r193896)
@@ -2165,9 +2165,8 @@ dummynet_get(struct sockopt *sopt)
 static int
 ip_dn_ctl(struct sockopt *sopt)
 {
-    int error = 0 ;
-    struct dn_pipe *p;
-    struct dn_pipe_max tmp_pipe;       /* pipe + large buffer */
+    int error;
+    struct dn_pipe *p = NULL;
 
     error = priv_check(sopt->sopt_td, PRIV_NETINET_DUMMYNET);
     if (error)
@@ -2188,7 +2187,8 @@ ip_dn_ctl(struct sockopt *sopt)
     switch (sopt->sopt_name) {
     default :
        printf("dummynet: -- unknown option %d", sopt->sopt_name);
-       return EINVAL ;
+       error = EINVAL ;
+       break;
 
     case IP_DUMMYNET_GET :
        error = dummynet_get(sopt);
@@ -2199,25 +2199,27 @@ ip_dn_ctl(struct sockopt *sopt)
        break ;
 
     case IP_DUMMYNET_CONFIGURE :
-       p = (struct dn_pipe *)&tmp_pipe ;
-       error = sooptcopyin(sopt, p, sizeof(tmp_pipe), sizeof *p);
+       p = malloc(sizeof(struct dn_pipe_max), M_TEMP, M_WAITOK);
+       error = sooptcopyin(sopt, p, sizeof(struct dn_pipe_max), sizeof *p);
        if (error)
            break ;
        if (p->samples_no > 0)
-           p->samples = &tmp_pipe.samples[0];
+           p->samples = &(((struct dn_pipe_max *)p)->samples[0]);
 
        error = config_pipe(p);
        break ;
 
     case IP_DUMMYNET_DEL :     /* remove a pipe or queue */
-       p = (struct dn_pipe *)&tmp_pipe ;
-       error = sooptcopyin(sopt, p, sizeof *p, sizeof *p);
+       p = malloc(sizeof(struct dn_pipe), M_TEMP, M_WAITOK);
+       error = sooptcopyin(sopt, p, sizeof(struct dn_pipe), sizeof *p);
        if (error)
            break ;
 
        error = delete_pipe(p);
        break ;
     }
+    if (p != NULL)
+       free(p, M_TEMP);
     return error ;
 }
 
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to