[Bug 200323] BPF userland misuse can crash the system
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jun 15 16:51:18 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200323
--- Comment #11 from Ermal Luçi <eri at pfsense.org> ---
(In reply to Kubilay Kocak from comment #10)
Ok i am posting this to phabricator since i am a freebsd developer :)
Just for the reference here is another iteration of the patch
diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index fec6aa0..aa370d6 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -364,6 +364,7 @@ retry:
if ((la->la_flags & LLE_VALID) &&
((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) {
bcopy(&la->ll_addr, desten, ifp->if_addrlen);
+ renew = 0;
/*
* If entry has an expiry time and it is approaching,
* see if we need to send an ARP request within this
@@ -371,14 +372,22 @@ retry:
*/
if (!(la->la_flags & LLE_STATIC) &&
time_uptime + la->la_preempt > la->la_expire) {
- arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL);
+ renew = 1;
la->la_preempt--;
}
if (pflags != NULL)
*pflags = la->la_flags;
- error = 0;
- goto done;
+
+ if (flags & LLE_EXCLUSIVE)
+ LLE_WUNLOCK(la);
+ else
+ LLE_RUNLOCK(la);
+
+ if (renew == 1)
+ arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL);
+
+ return (0);
}
if (la->la_flags & LLE_STATIC) { /* should not happen! */
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list