Bug 170832 - jail v2 loses a binding of ip which sets after ips with /"network prefix"
Summary: jail v2 loses a binding of ip which sets after ips with /"network prefix"
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: 9.1-PRERELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: Jamie Gritton
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-08-21 19:50 UTC by Oleg Ginzburg
Modified: 2012-08-29 19:53 UTC (History)
0 users

See Also:


Description Oleg Ginzburg 2012-08-21 19:50:10 UTC
When a jail is created from a config file with multiple IPs, the jail loses every IP assignment that is listed after an IP given with a /"network prefix".
Nevertheless, all IPs are configured on the interface with the correct mask.

How-To-Repeat: Have jail config with multiple ips with prefix in the list. Config sample (we mean that in /usr/jails/jail1 we have a complete freebsd base environment):

% cat jail1.conf 
jail1 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
#mount.devfs;
host.hostname = "jail1.my.domain";
path = "/usr/jails/jail1";
allow.raw_sockets;
allow.socket_af;
allow.chflags;
allow.sysvipc;
ip4.addr = 10.0.0.1,10.0.0.2,172.17.0.0/16,10.0.0.3;
interface="em0";
mount.devfs;
devfs_ruleset="4";
}

// Before jail creation, interfaces em0 have:
% ifconfig em0 | grep "inet "
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255

// Jail start:
% jail -f jail1.conf -c jail1
jail1: created
..

//done. Check for IPs on interface. 172.17.0.0 have correct mask:
ifconfig em0 | grep "inet "
        inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255 
        inet 10.0.0.1 netmask 0xffffffff broadcast 10.0.0.1 
        inet 10.0.0.2 netmask 0xffffffff broadcast 10.0.0.2 
        inet 172.17.0.0 netmask 0xffff0000 broadcast 172.17.255.255 
        inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3 

//Check for IP in jls:
% jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     1  jail1.my.domain               /usr/jails/jail1
        jail1                         ACTIVE
        2     
        10.0.0.1       
        10.0.0.2       
        172.17.0.0     

We have 10.0.0.1/32, 10.0.0.2/32 and 172.17.0.0/16 but lose 10.0.0.3
Comment 1 Bjoern A. Zeeb freebsd_committer freebsd_triage 2012-08-22 02:44:26 UTC
Responsible Changed
From-To: freebsd-bugs->jamie

I think this is yours.
Comment 2 dfilter service freebsd_committer freebsd_triage 2012-08-23 02:43:12 UTC
Author: jamie
Date: Thu Aug 23 01:43:01 2012
New Revision: 239601
URL: http://svn.freebsd.org/changeset/base/239601

Log:
  Remember that I'm using length-defined strings in parameters:
  
   Remove a bogus null terminator when stripping the netmask from
   IP addresses.  This was causing later addresses in a comma-separated
   string to disappear.
  
   Use memcpy instead of strcpy.  This could just cause Bad Things.
  
  PR:		170832
  MFC after:	1 week

Modified:
  head/usr.sbin/jail/config.c

Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c	Thu Aug 23 00:39:08 2012	(r239600)
+++ head/usr.sbin/jail/config.c	Thu Aug 23 01:43:01 2012	(r239601)
@@ -597,8 +597,7 @@ check_intparams(struct cfjail *j)
 					    "ip4.addr: bad netmask \"%s\"", cs);
 					error = -1;	
 				}
-				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
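Review bot: With `*cs = '\0';` removed, `s->s` still holds the `/prefix` text directly after the first `s->len` bytes, so the value is correct only for consumers that honour `s->len`. Any later code that reads `s->s` as a C string (a `%s` format, `strlen`, or a library call taking `const char *`) would see the netmask again. Keeping the terminator and correcting only the length, `s->len = cs - s->s;`, would leave the value valid under both conventions. The same applies to the second hunk at -621. check_intparams starts and ends outside both hunks, so the consumers of `s->s` cannot be checked from here.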
@@ -621,8 +620,7 @@ check_intparams(struct cfjail *j)
 					    cs);
 					error = -1;	
 				}
-				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -714,7 +712,7 @@ import_params(struct cfjail *j)
 			value = alloca(vallen);
 			cs = value;
 			TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
-				strcpy(cs, s->s);
+				memcpy(cs, s->s, s->len);
 				if (ts != NULL) {
 					cs += s->len + 1;
 					cs[-1] = ',';
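Review bot: The last list element is now copied with `memcpy(cs, s->s, s->len)` and nothing writes a terminator after it, because the `if (ts != NULL)` branch runs only for non-final elements and `value` comes from `alloca(vallen)`, which is uninitialised. If `value` is then consumed as a NUL-terminated string, which the rest of import_params (outside this hunk) would have to confirm, the final address is followed by whatever bytes were on the stack. Writing the terminator explicitly after the loop closes that gap, e.g. `value[vallen - 1] = '\0';`, provided `vallen` counts one separator or terminator byte per element.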
Comment 3 Jamie Gritton freebsd_committer freebsd_triage 2012-08-23 03:03:03 UTC
State Changed
From-To: open->patched

Fixed in r239601: I had a '0' where it didn't belong.
Comment 4 Oleg Ginzburg 2012-08-23 09:16:39 UTC
I've got another problem now.

root@gizmo:/ # cat jail1.conf
jail1 {
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
#mount.devfs;
host.hostname = "jail1.my.domain";
path = "/usr/jails/jail1";
allow.raw_sockets;
allow.socket_af;
allow.chflags;
allow.sysvipc;
ip4.addr = 10.0.0.2/24;
ip4.addr += 192.168.0.4/24;
ip4.addr += 172.17.9.99/16;
ip4.addr += 10.0.0.4;
interface="re0";
mount.devfs;
devfs_ruleset="4";
}

root@gizmo:/ # jail -f jail1.conf -c jail1
jail: jail1: ip4.addr: not an IPv4 address: 10.0.0.4=B1
Comment 5 Mark Linimon 2012-08-23 13:13:30 UTC
----- Forwarded message from Jamie Gritton <jamie@FreeBSD.org> -----

Date: Wed, 22 Aug 2012 19:47:11 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
To: Oleg Ginzburg <olevole@olevole.ru>
Cc: FreeBSD-Jail <freebsd-jail@FreeBSD.org>
Subject: Re: misc/170832: jail v2 loses a binding of ip which sets after ips
	with /"network prefix"
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:9.0) Gecko/20120126 Thunderbird/9.0

I confused myself on the difference between null-terminated and
length-defined strings, and stuck a '\0' where it didn't belong.
I've committed the fix to HEAD, and I'll have it in 9.1 next week.

- Jamie

----- End forwarded message -----
Comment 6 dfilter service freebsd_committer freebsd_triage 2012-08-29 17:11:24 UTC
Author: jamie
Date: Wed Aug 29 16:11:03 2012
New Revision: 239854
URL: http://svn.freebsd.org/changeset/base/239854

Log:
  MFC r239601:
  
   Remember that I'm using length-defined strings in parameters:
  
    Remove a bogus null terminator when stripping the netmask from
    IP addresses.  This was causing later addresses in a comma-separated
    string to disappear.
  
    Use memcpy instead of strcpy.  This could just cause Bad Things.
  
  MFC r239602:
  
   Pre-separate IP addresses passed on the command line, so they can be
   properly parsed for interface prefixes and netmask suffixes.  This was
   already done for the old-style (fixed) command line, but missed for
   the new-style.
  
  MFC r239621:
  
   Partially roll back r239601 - keep parameter strings both length-delimited
   and null-terminated at the same time, because they're later passed to
   libjail as null-terminated.  That means I also need to add a nul byte when
   comma-combining array parameters.
  
  PR:		170832

Modified:
  stable/9/usr.sbin/jail/config.c
  stable/9/usr.sbin/jail/jail.c
Directory Properties:
  stable/9/usr.sbin/jail/   (props changed)

Modified: stable/9/usr.sbin/jail/config.c
==============================================================================
--- stable/9/usr.sbin/jail/config.c	Wed Aug 29 16:00:26 2012	(r239853)
+++ stable/9/usr.sbin/jail/config.c	Wed Aug 29 16:11:03 2012	(r239854)
@@ -596,7 +596,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -620,7 +620,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -712,12 +712,11 @@ import_params(struct cfjail *j)
 			value = alloca(vallen);
 			cs = value;
 			TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
-				strcpy(cs, s->s);
-				if (ts != NULL) {
-					cs += s->len + 1;
-					cs[-1] = ',';
-				}
+				memcpy(cs, s->s, s->len);
+				cs += s->len + 1;
+				cs[-1] = ',';
 			}
+			value[vallen - 1] = '\0';
 		}
 		if (jailparam_import(jp, value) < 0) {
 			error = -1;
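Review bot: `cs[-1] = ','` is now written after every element and `value[vallen - 1] = '\0'` then overwrites the last separator, so both stores are in bounds only if `vallen` is exactly the sum of `s->len + 1` over the list and the list is non-empty. `vallen` is computed above the hunk, and since this commit also drops the `+ 1` from `s->len` in check_intparams, that computation should be re-checked against the new length; a comment next to `alloca(vallen)` such as `/* vallen = sum of (s->len + 1); the last separator becomes the NUL */` would make the invariant reviewable. `alloca` also sizes a stack buffer from configuration input with no upper bound visible in this hunk. The identical hunk in the releng/9.1 merge (r239871) has the same properties.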

Modified: stable/9/usr.sbin/jail/jail.c
==============================================================================
--- stable/9/usr.sbin/jail/jail.c	Wed Aug 29 16:00:26 2012	(r239853)
+++ stable/9/usr.sbin/jail/jail.c	Wed Aug 29 16:11:03 2012	(r239854)
@@ -304,9 +304,33 @@ main(int argc, char **argv)
 				for (i++; i < argc; i++)
 					add_param(NULL, NULL, IP_COMMAND,
 					    argv[i]);
-				break;
 			}
-			add_param(NULL, NULL, 0, argv[i]);
+#ifdef INET
+			else if (!strncmp(argv[i], "ip4.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP4_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+#ifdef INET6
+			else if (!strncmp(argv[i], "ip6.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP6_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+			else
+				add_param(NULL, NULL, 0, argv[i]);
 		}
 	} else {
 		/* From the config file, perhaps with a specified jail */
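Review bot: The `ip4.addr=` and `ip6.addr=` branches are the same loop written twice with a hard-coded prefix length of `9`, and each writes NUL bytes into `argv[i]` in place; a small static helper taking the parameter constant and the list pointer would remove the duplication and give one place to document the in-place split. Empty segments (a doubled or trailing comma, or an empty value after `=`) are passed to `add_param` as empty strings, so rejecting them depends on validation outside this hunk. main() starts and ends outside the hunk, and the releng/9.1 copy of this hunk (r239871) is identical. The helper below assumes the type of `KP_IP4_ADDR` is `enum intparam`, which should be confirmed against the project header.

```c
/* Split a comma-separated address list in place; one add_param() per element. */
static void
add_ip_params(enum intparam ipnum, char *list)
{
	char *cs, *ncs;

	for (cs = list;; cs = ncs + 1) {
		ncs = strchr(cs, ',');
		if (ncs != NULL)
			*ncs = '\0';	/* modifies the caller's argv string */
		add_param(NULL, NULL, ipnum, cs);
		if (ncs == NULL)
			break;
	}
}

/* … unchanged: IP_COMMAND branch in main() … */
#ifdef INET
			else if (!strncmp(argv[i], "ip4.addr=", 9))
				add_ip_params(KP_IP4_ADDR, argv[i] + 9);
#endif
#ifdef INET6
			else if (!strncmp(argv[i], "ip6.addr=", 9))
				add_ip_params(KP_IP6_ADDR, argv[i] + 9);
#endif
			else
				add_param(NULL, NULL, 0, argv[i]);
```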
Comment 7 dfilter service freebsd_committer freebsd_triage 2012-08-29 19:40:27 UTC
Author: jamie
Date: Wed Aug 29 18:40:12 2012
New Revision: 239871
URL: http://svn.freebsd.org/changeset/base/239871

Log:
  MFS r239854 (including MFC r239601, r239602, r239621):
  
   Remember that I'm using length-defined strings in parameters:
  
    Don't include the null terminator when recomputing the parameter
    length when stripping the netmask from IP addresses.  This was
    causing later addresses in a comma-separated string to disappear.
  
    Use memcpy instead of strcpy.  This could just cause Bad Things.
  
    Add a null byte when comma-combining array parameters.
  
    Pre-separate IP addresses passed on the command line, so they can be
    properly parsed for interface prefixes and netmask suffixes.  This was
    already done for the old-style (fixed) command line, but missed for
    the new-style.
  
  PR:		170832
  Approved by:	re (kib)

Modified:
  releng/9.1/usr.sbin/jail/config.c
  releng/9.1/usr.sbin/jail/jail.c
Directory Properties:
  releng/9.1/usr.sbin/jail/   (props changed)

Modified: releng/9.1/usr.sbin/jail/config.c
==============================================================================
--- releng/9.1/usr.sbin/jail/config.c	Wed Aug 29 18:37:10 2012	(r239870)
+++ releng/9.1/usr.sbin/jail/config.c	Wed Aug 29 18:40:12 2012	(r239871)
@@ -596,7 +596,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -620,7 +620,7 @@ check_intparams(struct cfjail *j)
 					error = -1;	
 				}
 				*cs = '\0';
-				s->len = cs - s->s + 1;
+				s->len = cs - s->s;
 			}
 		}
 	}
@@ -712,12 +712,11 @@ import_params(struct cfjail *j)
 			value = alloca(vallen);
 			cs = value;
 			TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) {
-				strcpy(cs, s->s);
-				if (ts != NULL) {
-					cs += s->len + 1;
-					cs[-1] = ',';
-				}
+				memcpy(cs, s->s, s->len);
+				cs += s->len + 1;
+				cs[-1] = ',';
 			}
+			value[vallen - 1] = '\0';
 		}
 		if (jailparam_import(jp, value) < 0) {
 			error = -1;

Modified: releng/9.1/usr.sbin/jail/jail.c
==============================================================================
--- releng/9.1/usr.sbin/jail/jail.c	Wed Aug 29 18:37:10 2012	(r239870)
+++ releng/9.1/usr.sbin/jail/jail.c	Wed Aug 29 18:40:12 2012	(r239871)
@@ -304,9 +304,33 @@ main(int argc, char **argv)
 				for (i++; i < argc; i++)
 					add_param(NULL, NULL, IP_COMMAND,
 					    argv[i]);
-				break;
 			}
-			add_param(NULL, NULL, 0, argv[i]);
+#ifdef INET
+			else if (!strncmp(argv[i], "ip4.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP4_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+#ifdef INET6
+			else if (!strncmp(argv[i], "ip6.addr=", 9)) {
+				for (cs = argv[i] + 9;; cs = ncs + 1) {
+					ncs = strchr(cs, ',');
+					if (ncs)
+						*ncs = '\0';
+					add_param(NULL, NULL, KP_IP6_ADDR, cs);
+					if (!ncs)
+						break;
+				}
+			}
+#endif
+			else
+				add_param(NULL, NULL, 0, argv[i]);
 		}
 	} else {
 		/* From the config file, perhaps with a specified jail */
Comment 8 Jamie Gritton freebsd_committer freebsd_triage 2012-08-29 19:52:01 UTC
State Changed
From-To: patched->closed

MFCd to 9 and 9.1.