From 9aeef6b50d23a9f430b65c6f3454d14db0083832 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 26 Oct 2007 16:42:18 +1000 Subject: [PATCH] - otto@cvs.openbsd.org 2005/10/17 20:19:42 [openbsd-compat/sys-queue.h] Performing certain operations on queue.h data structurs produced funny results. An example is calling LIST_REMOVE on the same element twice. This will not fail, but result in a data structure referencing who knows what. Prevent these accidents by NULLing some fields on remove and replace. This way, either a panic or segfault will be produced on the faulty operation. --- ChangeLog | 10 +++++++++- openbsd-compat/sys-queue.h | 15 ++++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 83724f34a..c027f3f79 100644 --- a/ChangeLog +++ b/ChangeLog @@ -102,6 +102,14 @@ - deraadt@cvs.openbsd.org 2005/02/25 13:29:30 [openbsd-compat/sys-queue.h] minor white spacing + - otto@cvs.openbsd.org 2005/10/17 20:19:42 + [openbsd-compat/sys-queue.h] + Performing certain operations on queue.h data structurs produced + funny results. An example is calling LIST_REMOVE on the same + element twice. This will not fail, but result in a data structure + referencing who knows what. Prevent these accidents by NULLing some + fields on remove and replace. This way, either a panic or segfault + will be produced on the faulty operation. - (djm) [regress/sftp-cmds.sh] Use more restrictive glob to pick up test files from /bin - some platforms ship broken symlinks there which could spoil the test. @@ -3378,4 +3386,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4787 2007/10/26 06:41:14 djm Exp $ +$Id: ChangeLog,v 1.4788 2007/10/26 06:42:18 djm Exp $ diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h index 61e4ca7b0..ee2ce30bf 100644 --- a/openbsd-compat/sys-queue.h +++ b/openbsd-compat/sys-queue.h 
@@ -1,4 +1,4 @@
-/* $OpenBSD: queue.h,v 1.27 2005/02/25 13:29:30 deraadt Exp $ */
+/* $OpenBSD: queue.h,v 1.28 2005/10/17 20:19:42 otto Exp $ */
 /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */
 /*
@@ -236,6 +236,7 @@ struct { \
 curelm = curelm->field.sle_next; \
 curelm->field.sle_next = \
 curelm->field.sle_next->field.sle_next; \
+ (elm)->field.sle_next = NULL; \
 } \
 } while (0)
@@ -303,6 +304,8 @@ struct { \
 (elm)->field.le_next->field.le_prev = \
 (elm)->field.le_prev; \
 *(elm)->field.le_prev = (elm)->field.le_next; \
+ (elm)->field.le_prev = NULL; \
+ (elm)->field.le_next = NULL; \
 } while (0)
 #define LIST_REPLACE(elm, elm2, field) do { \
@@ -311,6 +314,8 @@ struct { \
 &(elm2)->field.le_next; \
 (elm2)->field.le_prev = (elm)->field.le_prev; \
 *(elm2)->field.le_prev = (elm2); \
+ (elm)->field.le_prev = NULL; \
+ (elm)->field.le_next = NULL; \
 } while (0)
 /*
@@ -465,6 +470,8 @@ struct { \
 else \
 (head)->tqh_last = (elm)->field.tqe_prev; \
 *(elm)->field.tqe_prev = (elm)->field.tqe_next; \
+ (elm)->field.tqe_prev = NULL; \
+ (elm)->field.tqe_next = NULL; \
 } while (0)
 #define TAILQ_REPLACE(head, elm, elm2, field) do { \
@@ -475,6 +482,8 @@ struct { \
 (head)->tqh_last = &(elm2)->field.tqe_next; \
 (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \
 *(elm2)->field.tqe_prev = (elm2); \
+ (elm)->field.tqe_prev = NULL; \
+ (elm)->field.tqe_next = NULL; \
 } while (0)
 /*
@@ -575,6 +584,8 @@ struct { \
 else \
 (elm)->field.cqe_prev->field.cqe_next = \
 (elm)->field.cqe_next; \
+ (elm)->field.cqe_next = NULL; \
+ (elm)->field.cqe_prev = NULL; \
 } while (0)
 #define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \
@@ -588,6 +599,8 @@ struct { \
 (head).cqh_first = (elm2); \
 else \
 (elm2)->field.cqe_prev->field.cqe_next = (elm2); \
+ (elm)->field.cqe_next = NULL; \
+ (elm)->field.cqe_prev = NULL; \
 } while (0)
 #endif /* !_FAKE_QUEUE_H_ */
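Review bot: In the singly-linked remove hunk (`@@ -236,6 +236,7 @@`, presumably SLIST_REMOVE; its `#define` line is outside the hunk), NULL is a weak poison for `sle_next`. By the usual queue.h convention NULL also marks the last element, so a stale element looks like a valid tail and a walk from it ends quietly instead of producing the panic or segfault the description promises. The same applies to the `le_next` and `tqe_next` stores in the LIST and TAILQ hunks, where only the `*_prev` store reliably faults on reuse. A distinct invalid pointer would make reuse fail loudly, for example `(elm)->field.sle_next = (void *)-1; \`. The added line also sits inside the inner block, so if a separate head-removal branch exists above the hunk, that path would leave the field untouched.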
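Review bot: In the hunk at `@@ -303,6 +304,8 @@` (the macro that ends just before `#define LIST_REPLACE`, presumably LIST_REMOVE), the two new stores evaluate `(elm)` again after `*(elm)->field.le_prev = (elm)->field.le_next;` has already rewritten the list. An argument whose value depends on the list itself, such as an expression that reads the head's first pointer, can then name a different, still-linked element. The NULL stores would land on that live node and truncate or corrupt the list, where the old macro body would have worked. The LIST_REPLACE, TAILQ_REMOVE, TAILQ_REPLACE and both CIRCLEQ hunks have the same property. Since the element type is not available to declare a temporary, I would document the constraint above each macro: `/* elm is re-evaluated after unlinking: pass a plain pointer variable, never an expression that reads the list */`.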
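Review bot: The context line `(head).cqh_first = (elm2); \` in the CIRCLEQ_REPLACE hunk (`@@ -588,6 +599,8 @@`) accesses the head with `.`, while the TAILQ hunks in this same patch use `(head)->tqh_last`. If circular-queue heads are passed by pointer like the others, this macro cannot compile for any caller, which would mean the poisoning added here has never been exercised. I would change it to `(head)->cqh_first = (elm2); \` and check for a matching `cqh_last` line in the part of the macro above the hunk, which is not visible here.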