upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-04-24 23:57:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys
History
Kristof Provost 7f3ad01804 pf_get_sport(): Prevent possible endless loop when searching for an unused nat port 
This is an import of Alexander Bluhm's OpenBSD commit r1.60,
the first chunk had to be modified because on OpenBSD the
'cut' declaration is located elsewhere.

Upstream report by Jingmin Zhou:
https://marc.info/?l=openbsd-pf&m=150020133510896&w=2

OpenBSD commit message:
 Use a 32 bit variable to detect integer overflow when searching for
 an unused nat port.  Prevents a possible endless loop if high port
 is 65535 or low port is 0.
 report and analysis Jingmin Zhou; OK sashan@ visa@
Quoted from: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf_lb.c

PR:		221201
Submitted by:	Fabian Keil <fk@fabiankeil.de>
Obtained from:  OpenBSD via ElectroBSD
MFC after:	1 week
2017-08-08 21:09:26 +00:00
..
amd64 Fail to open efirt device when no EFI on system. 2017-08-08 20:44:16 +00:00
arm arm: Add a GENERIC-NODEBUG kernel config 2017-08-03 19:01:46 +00:00
arm64 Mark each cpu in the appropriate cpuset_domain set. This allows devices to 2017-08-05 20:57:34 +00:00
boot libefi/time.c cstyle cleanup 2017-08-05 05:20:03 +00:00
bsm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
cam Add nvd alias to nda ndoes. 2017-08-07 21:12:43 +00:00
cddl MFV r322242: 8373 TXG_WAIT in ZIL commit path 2017-08-08 11:26:03 +00:00
compat Fix few issues of LinuxKPI workqueue. 2017-08-08 19:36:34 +00:00
conf cxgbe(4): Add the T6 and T5 Unified Wire configuration files to the 2017-08-07 14:04:19 +00:00
contrib Fix matchcing of NATed ICMP queries (resolving NATed MTU discovery). 2017-08-05 00:28:42 +00:00
crypto Remove register keyword from sys/ and ANSIfy prototypes 2017-05-17 00:34:34 +00:00
ddb Include opt files in the kernel with "" instead of <>. 2017-07-10 05:08:01 +00:00
dev Turns out to be even simpler to just not create /dev/efi if we don't 2017-08-08 21:01:11 +00:00
fs Bump the maximum file name length in pseudofs filesystems to 48. 2017-08-03 21:35:53 +00:00
gdb
geom Eliminate useless adjustments of aliased device. 2017-08-07 22:42:46 +00:00
gnu Update DTS files from Linux 4.12 2017-07-09 13:53:32 +00:00
i386 Detect hypervisors early. We used to set lower hz on hypervisors by default 2017-08-05 06:56:46 +00:00
isa Protect access to the AT realtime clock with its own mutex. 2017-07-12 02:42:57 +00:00
kern Make p1003_1b.aio_listio_max a tunable 2017-08-08 16:14:31 +00:00
kgssapi
libkern arm64: add ".arch armv8-a+crc" to allow use of crc instructions 2017-06-08 20:06:09 +00:00
mips [ar71xx] get rid of ath_pci - it's built as a module now. 2017-07-28 01:17:38 +00:00
modules o Replace __riscv__ with __riscv 2017-08-07 14:09:57 +00:00
net Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
net80211 sys/net8021: Add missing braces in setcurchan(). 2017-08-01 03:13:43 +00:00
netgraph Check return value from soaccept(). 2017-06-14 16:13:20 +00:00
netinet After inpcb route caching was put back in place there is no need for 2017-07-27 13:03:36 +00:00
netinet6 After inpcb route caching was put back in place there is no need for 2017-07-27 13:03:36 +00:00
netipsec Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook 2017-07-31 11:04:35 +00:00
netpfil pf_get_sport(): Prevent possible endless loop when searching for an unused nat port 2017-08-08 21:09:26 +00:00
netsmb
nfs Improve FHA locality control for NFS read/write requests. 2017-07-31 15:23:19 +00:00
nfsclient Add an NFSv4.1 mount option for "use one openowner". 2017-04-13 21:54:19 +00:00
nfsserver Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nlm Commit the 64-bit inode project. 2017-05-23 09:29:05 +00:00
ofed Change reject message type when destroying cm_id in ibore. 2017-08-03 09:31:10 +00:00
opencrypto Use const with some read-only buffers in opencrypto APIs. 2017-05-09 18:28:42 +00:00
powerpc Add cpufreq support for P1022 and MPC8536 2017-07-21 03:40:05 +00:00
riscv Clean up MD pollution of bus_dma.h: 2017-07-01 05:35:29 +00:00
rpc Listening sockets improvements. 2017-06-08 21:30:34 +00:00
security Correct bitwise test in mac_bsdextended ugidfw_rule_valid() 2017-06-13 01:17:58 +00:00
sparc64 Clean up MD pollution of bus_dma.h: 2017-07-01 05:35:29 +00:00
sys o Replace __riscv__ with __riscv 2017-08-07 14:09:57 +00:00
teken Oops, my fix for bright colors broke bright black some more (in cases 2017-03-27 10:48:28 +00:00
tests style(9): sort headers 2017-05-09 05:08:47 +00:00
tools make.conf: Add the possibility to use another DTC 2017-06-17 23:34:53 +00:00
ufs Avoid reading a snapshot block when it is already in the cache. 2017-07-31 20:41:45 +00:00
vm Mark pages after EOF as clean after pageout. 2017-07-26 20:07:05 +00:00
x86 Detect hypervisors early. We used to set lower hz on hypervisors by default 2017-08-05 06:56:46 +00:00
xdr * limit size of buffers to RPC_MAXDATASIZE 2017-06-01 06:12:25 +00:00
xen xenstore: fix suspension when using the xenstore device 2017-03-07 09:17:48 +00:00
Makefile Remove glimpse make target added in r181432 2017-05-22 15:53:30 +00:00