Date:      Thu, 27 Sep 2018 18:29:55 +0000 (UTC)
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r338978 - in releng: 11.1 11.1/sys/conf 11.1/sys/netinet6 11.2 11.2/sys/conf 11.2/sys/netinet6
Message-ID:  <201809271829.w8RITtED068656@repo.freebsd.org>

Author: gordon
Date: Thu Sep 27 18:29:55 2018
New Revision: 338978
URL: https://svnweb.freebsd.org/changeset/base/338978

Log:
  Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
  
  Approved by:	so
  Security:	FreeBSD-EN-18:09.ip

Modified:
  releng/11.1/UPDATING
  releng/11.1/sys/conf/newvers.sh
  releng/11.1/sys/netinet6/frag6.c
  releng/11.2/UPDATING
  releng/11.2/sys/conf/newvers.sh
  releng/11.2/sys/netinet6/frag6.c

Modified: releng/11.1/UPDATING
==============================================================================
--- releng/11.1/UPDATING	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.1/UPDATING	Thu Sep 27 18:29:55 2018	(r338978)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20180927	p15	FreeBSD-EN-18:09.ip
+			FreeBSD-EN-18:10.syscall
+			FreeBSD-EN-18:11.listen
+			FreeBSD-EN-18:12.mem
+
+	Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
+
+	Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
+
+	Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
+
+	Fix small kernel memory disclosures. [EN-18:12.mem]
+
 20180912	p14	FreeBSD-SA-18:12.elf
 			FreeBSD-EN-18:08.lazyfpu
 
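Review bot: the new UPDATING entry credits four errata notices (EN-18:09.ip through EN-18:12.mem) to patch level p15, but this revision only changes frag6.c and newvers.sh, and the commit log names EN-18:09.ip alone. If the getfsstat, listen and kernel-memory fixes were committed separately, the entry should either land with them or the log message should state that this entry documents the whole p15 batch, so that the UPDATING history does not claim fixes a given revision does not contain.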

Modified: releng/11.1/sys/conf/newvers.sh
==============================================================================
--- releng/11.1/sys/conf/newvers.sh	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.1/sys/conf/newvers.sh	Thu Sep 27 18:29:55 2018	(r338978)
@@ -44,7 +44,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.1"
-BRANCH="RELEASE-p14"
+BRANCH="RELEASE-p15"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/11.1/sys/netinet6/frag6.c
==============================================================================
--- releng/11.1/sys/netinet6/frag6.c	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.1/sys/netinet6/frag6.c	Thu Sep 27 18:29:55 2018	(r338978)
@@ -216,7 +216,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
 	int offset = *offp, nxt, i, next;
 	int first_frag = 0;
 	int fragoff, frgpartlen;	/* must be larger than u_int16_t */
-	uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
+	uint32_t hashkey[(sizeof(struct in6_addr) * 2 +
+		    sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)];
+	uint32_t hash, *hashkeyp;
 	struct ifnet *dstifp;
 	u_int8_t ecn, ecn0;
 #ifdef RSS
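Review bot: the corrected element count `(sizeof(struct in6_addr) * 2 + sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)` relies on the byte total being a multiple of four; with two 16-byte addresses and a 32-bit identifier it is (36 bytes, 9 words), but the integer division would truncate silently if either type ever changed, so a compile-time check such as a CTASSERT that the byte sum is a multiple of `sizeof(uint32_t)` would make the assumption explicit. The old `sizeof(struct in6_addr) * 2 + 1` mixed a byte count with a word count and produced a 33-word array, so the hash covered stack words the key never filled; the fill loop through `hashkeyp` and the hash call that takes the key length are outside this hunk and should be re-checked against the new 9-word size. Note also that `ip6f` is referenced inside `sizeof` at declaration time: that is fine because `sizeof` does not evaluate its operand, but `ip6f` must be declared earlier in the function than this line.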

Modified: releng/11.2/UPDATING
==============================================================================
--- releng/11.2/UPDATING	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.2/UPDATING	Thu Sep 27 18:29:55 2018	(r338978)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20180927	p4	FreeBSD-EN-18:09.ip
+			FreeBSD-EN-18:10.syscall
+			FreeBSD-EN-18:11.listen
+			FreeBSD-EN-18:12.mem
+
+	Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
+
+	Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
+
+	Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
+
+	Fix small kernel memory disclosures. [EN-18:12.mem]
+
 20180912	p3	FreeBSD-SA-18:12.elf
 			FreeBSD-EN-18:08.lazyfpu
 
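Review bot: as with the 11.1 entry, this p4 UPDATING entry lists four errata notices while the revision itself carries only the frag6.c reassembly fix named in the log; the commit message should say the entry covers the full patch-level batch, or the entry should go in with the other three fixes.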

Modified: releng/11.2/sys/conf/newvers.sh
==============================================================================
--- releng/11.2/sys/conf/newvers.sh	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.2/sys/conf/newvers.sh	Thu Sep 27 18:29:55 2018	(r338978)
@@ -44,7 +44,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.2"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/11.2/sys/netinet6/frag6.c
==============================================================================
--- releng/11.2/sys/netinet6/frag6.c	Thu Sep 27 18:14:01 2018	(r338977)
+++ releng/11.2/sys/netinet6/frag6.c	Thu Sep 27 18:29:55 2018	(r338978)
@@ -216,7 +216,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
 	int offset = *offp, nxt, i, next;
 	int first_frag = 0;
 	int fragoff, frgpartlen;	/* must be larger than u_int16_t */
-	uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
+	uint32_t hashkey[(sizeof(struct in6_addr) * 2 +
+		    sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)];
+	uint32_t hash, *hashkeyp;
 	struct ifnet *dstifp;
 	u_int8_t ecn, ecn0;
 #ifdef RSS
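Review bot: this hunk is byte-for-byte the same change as the 11.1 frag6.c hunk and the same points apply: the `/ sizeof(uint32_t)` division assumes the 36-byte key (two `in6_addr` plus the 32-bit `ip6f_ident`) is word-aligned, which a CTASSERT would pin down; the key-fill code through `hashkeyp` and the hash call's length argument, not shown here, must agree with the new 9-word array rather than the old oversized 33-word one; and `ip6f` must already be declared above this line since it appears inside `sizeof`. Keeping both branches on identical text is the right call, so any follow-up assertion should go to both.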
