diff options
author | Damien Miller <djm@mindrot.org> | 2007-10-26 16:42:18 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2007-10-26 16:42:18 +1000 |
commit | 9aeef6b50d23a9f430b65c6f3454d14db0083832 (patch) | |
tree | b7b6329c494dce38437f019db2a846787b3a0ea2 /openbsd-compat | |
parent | d129ecb0f98ea6e7e83f2a0a8914d3f99d5184c9 (diff) |
- otto@cvs.openbsd.org 2005/10/17 20:19:42
[openbsd-compat/sys-queue.h]
Performing certain operations on queue.h data structurs produced
funny results. An example is calling LIST_REMOVE on the same
element twice. This will not fail, but result in a data structure
referencing who knows what. Prevent these accidents by NULLing some
fields on remove and replace. This way, either a panic or segfault
will be produced on the faulty operation.
Diffstat (limited to 'openbsd-compat')
-rw-r--r-- | openbsd-compat/sys-queue.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h index 61e4ca7b0..ee2ce30bf 100644 --- a/openbsd-compat/sys-queue.h +++ b/openbsd-compat/sys-queue.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: queue.h,v 1.27 2005/02/25 13:29:30 deraadt Exp $ */ | 1 | /* $OpenBSD: queue.h,v 1.28 2005/10/17 20:19:42 otto Exp $ */ |
2 | /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ | 2 | /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ |
3 | 3 | ||
4 | /* | 4 | /* |
@@ -236,6 +236,7 @@ struct { \ | |||
236 | curelm = curelm->field.sle_next; \ | 236 | curelm = curelm->field.sle_next; \ |
237 | curelm->field.sle_next = \ | 237 | curelm->field.sle_next = \ |
238 | curelm->field.sle_next->field.sle_next; \ | 238 | curelm->field.sle_next->field.sle_next; \ |
239 | (elm)->field.sle_next = NULL; \ | ||
239 | } \ | 240 | } \ |
240 | } while (0) | 241 | } while (0) |
241 | 242 | ||
@@ -303,6 +304,8 @@ struct { \ | |||
303 | (elm)->field.le_next->field.le_prev = \ | 304 | (elm)->field.le_next->field.le_prev = \ |
304 | (elm)->field.le_prev; \ | 305 | (elm)->field.le_prev; \ |
305 | *(elm)->field.le_prev = (elm)->field.le_next; \ | 306 | *(elm)->field.le_prev = (elm)->field.le_next; \ |
307 | (elm)->field.le_prev = NULL; \ | ||
308 | (elm)->field.le_next = NULL; \ | ||
306 | } while (0) | 309 | } while (0) |
307 | 310 | ||
308 | #define LIST_REPLACE(elm, elm2, field) do { \ | 311 | #define LIST_REPLACE(elm, elm2, field) do { \ |
@@ -311,6 +314,8 @@ struct { \ | |||
311 | &(elm2)->field.le_next; \ | 314 | &(elm2)->field.le_next; \ |
312 | (elm2)->field.le_prev = (elm)->field.le_prev; \ | 315 | (elm2)->field.le_prev = (elm)->field.le_prev; \ |
313 | *(elm2)->field.le_prev = (elm2); \ | 316 | *(elm2)->field.le_prev = (elm2); \ |
317 | (elm)->field.le_prev = NULL; \ | ||
318 | (elm)->field.le_next = NULL; \ | ||
314 | } while (0) | 319 | } while (0) |
315 | 320 | ||
316 | /* | 321 | /* |
@@ -465,6 +470,8 @@ struct { \ | |||
465 | else \ | 470 | else \ |
466 | (head)->tqh_last = (elm)->field.tqe_prev; \ | 471 | (head)->tqh_last = (elm)->field.tqe_prev; \ |
467 | *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ | 472 | *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ |
473 | (elm)->field.tqe_prev = NULL; \ | ||
474 | (elm)->field.tqe_next = NULL; \ | ||
468 | } while (0) | 475 | } while (0) |
469 | 476 | ||
470 | #define TAILQ_REPLACE(head, elm, elm2, field) do { \ | 477 | #define TAILQ_REPLACE(head, elm, elm2, field) do { \ |
@@ -475,6 +482,8 @@ struct { \ | |||
475 | (head)->tqh_last = &(elm2)->field.tqe_next; \ | 482 | (head)->tqh_last = &(elm2)->field.tqe_next; \ |
476 | (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ | 483 | (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ |
477 | *(elm2)->field.tqe_prev = (elm2); \ | 484 | *(elm2)->field.tqe_prev = (elm2); \ |
485 | (elm)->field.tqe_prev = NULL; \ | ||
486 | (elm)->field.tqe_next = NULL; \ | ||
478 | } while (0) | 487 | } while (0) |
479 | 488 | ||
480 | /* | 489 | /* |
@@ -575,6 +584,8 @@ struct { \ | |||
575 | else \ | 584 | else \ |
576 | (elm)->field.cqe_prev->field.cqe_next = \ | 585 | (elm)->field.cqe_prev->field.cqe_next = \ |
577 | (elm)->field.cqe_next; \ | 586 | (elm)->field.cqe_next; \ |
587 | (elm)->field.cqe_next = NULL; \ | ||
588 | (elm)->field.cqe_prev = NULL; \ | ||
578 | } while (0) | 589 | } while (0) |
579 | 590 | ||
580 | #define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ | 591 | #define CIRCLEQ_REPLACE(head, elm, elm2, field) do { \ |
@@ -588,6 +599,8 @@ struct { \ | |||
588 | (head).cqh_first = (elm2); \ | 599 | (head).cqh_first = (elm2); \ |
589 | else \ | 600 | else \ |
590 | (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ | 601 | (elm2)->field.cqe_prev->field.cqe_next = (elm2); \ |
602 | (elm)->field.cqe_next = NULL; \ | ||
603 | (elm)->field.cqe_prev = NULL; \ | ||
591 | } while (0) | 604 | } while (0) |
592 | 605 | ||
593 | #endif /* !_FAKE_QUEUE_H_ */ | 606 | #endif /* !_FAKE_QUEUE_H_ */ |