kern/72393: missing break after case AF_INET6 in key_sockaddrcmp

>Number:         72393
>Category:       kern
>Synopsis:       missing break after case AF_INET6 in key_sockaddrcmp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 06 17:10:23 GMT 2004
>Originator:     Richard Andrades
>Release:        4.9-RELEASE
UTStarcom, Inc.
FreeBSD mobomom.nj.us.utstar.com 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Mon Dec  8 19:07:51 EST 2003     root_(_at_)_x7_(_dot_)_nj_(_dot_)_us_(_dot_)_utstar_(_dot_)_com:/usr/src/sys/compile/GENERIC_ROCKETPORT  i386
The function key_sockaddrcmp() has the following problem. If the 
function is called with the parameter port = 0, meaning that the 
port number should not be used in the address comparison, at the
end of the successful comparison of the test of the address structure, 
the test control will fall through to the default case which can
fail due to a difference in the port number.

Found it while debugging the code for an unrelated problem. It can
probably be reproduced by installing a policy that is intended to
cover all ports and sending packets with different port numbers.
FILE: src/sys/netkey/key.c
static int
key_sockaddrcmp(sa1, sa2, port)
	struct sockaddr *sa1;
	struct sockaddr *sa2;
	int port;
{
	/* ... */
	case AF_INET6:
		/* ... */
		if (port &&
		    satosin6(sa1)->sin6_port != satosin6(sa2)->sin6_port) {
			return 1;
		}
		break; /**** BUGFIX Add this missing break */
	default:
		if (bcmp(sa1, sa2, sa1->sa_len) != 0)
			return 1;
	/* ... */
}

Although I found this with version 4.9, I checked the codebase
and the problem is still present in the latest version.
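
The fall-through described in this report, reduced to a stand-alone model (an added example, not code from the FreeBSD tree or from the submitter). The names cmp6, mk, demo and the fixed flag are hypothetical, sizeof stands in for sa_len, and the address and ports are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Simplified model of the AF_INET6 path; fixed != 0 adds the missing break. */
static int cmp6(const struct sockaddr_in6 *a, const struct sockaddr_in6 *b,
    int port, int fixed)
{
	switch (a->sin6_family) {
	case AF_INET6:
		if (memcmp(&a->sin6_addr, &b->sin6_addr, sizeof(a->sin6_addr)) != 0)
			return 1;
		if (port && a->sin6_port != b->sin6_port)
			return 1;
		if (fixed)
			break;
		/* FALLTHROUGH */
	default:
		if (memcmp(a, b, sizeof(*a)) != 0)	/* includes sin6_port */
			return 1;
		break;
	}
	return 0;
}

/* Constructed sample address (documentation prefix) with the given port. */
static struct sockaddr_in6 mk(unsigned short port)
{
	struct sockaddr_in6 s;
	memset(&s, 0, sizeof(s));
	s.sin6_family = AF_INET6;
	s.sin6_port = htons(port);
	inet_pton(AF_INET6, "2001:db8::1", &s.sin6_addr);
	return s;
}

/* Same address, ports 500 vs 4500; returns 0 on match, 1 on mismatch. */
int demo(int port, int fixed)
{
	struct sockaddr_in6 a = mk(500), b = mk(4500);
	return cmp6(&a, &b, port, fixed);
}

int main(void)
{
	printf("port=0: no break -> %d, with break -> %d\n", demo(0, 0), demo(0, 1));
	return 0;
}
```

With port = 0 the model without the break reports a mismatch for two addresses that differ only in port, which is the behaviour the report attributes to an all-ports policy.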

