kern/133786: [netinet] [patch] ip_input might cause kernel panic
Bruce Simpson
bms at incunabulum.net
Fri Sep 18 15:50:03 UTC 2009
The following reply was made to PR kern/133786; it has been noted by GNATS.
From: Bruce Simpson <bms at incunabulum.net>
To: freebsd-gnats-submit at FreeBSD.org
Cc:
Subject: Re: kern/133786: [netinet] [patch] ip_input might cause kernel panic
Date: Fri, 18 Sep 2009 16:40:20 +0100
Interesting... the input checks in ip_input() should really have
screened this out, however, if m->m_len is indeed smaller than mcopy
(temporary mbuf created in the ip_forward() slow path), then
m_copydata() may well stomp on memory not owned by the mbuf chain.
More information about the freebsd-net
mailing list