Author: kp
Date: Tue Dec 25 12:45:46 2018
New Revision: 342459
URL: https://svnweb.freebsd.org/changeset/base/342459
Log:
MFC r341833:
pf: Prevent integer overflow in PF when calculating the adaptive timeout.
Mainly states of established TCP connections would be affected resulting
in immediate state removal once the number of states is bigger than
adaptive.start. Disabling adaptive timeouts is a workaround to avoid this
bug.
Issue found and initial diff by Mathieu Blanc (mathieu.blanc at cea dot fr)
Reported by: Andreas Longwitz <longwitz AT incore.de>
Obtained from: OpenBSD
Modified:
stable/12/sys/netpfil/pf/pf.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netpfil/pf/pf.c
==============================================================================
--- stable/12/sys/netpfil/pf/pf.c Tue Dec 25 11:08:53 2018
(r342458)
+++ stable/12/sys/netpfil/pf/pf.c Tue Dec 25 12:45:46 2018
(r342459)
@@ -1567,9 +1567,11 @@ pf_state_expires(const struct pf_state *state)
states = V_pf_status.states;
}
if (end && states > start && start < end) {
- if (states < end)
- return (state->expire + timeout * (end - states) /
- (end - start));
+ if (states < end) {
+ timeout = (u_int64_t)timeout * (end - states) /
+ (end - start);
+ return (state->expire + timeout);
+ }
else
return (time_uptime);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
