Date: Fri, 30 Apr 2004 12:30:10 +0300
From: Ruslan Ermilov <ru@FreeBSD.org>
To: Archie Cobbs <archie@dellroad.org>
Cc: Julian Elischer <julian@elischer.org>
Subject: Re: ng_bridge(4) has an easily exploitable memory leak
Message-ID: <20040430093010.GA394@ip.net.ua>
In-Reply-To: <200404081421.i38ELdgJ003094@arch20m.dellroad.org>
References: <20040408100929.GD16290@ip.net.ua> <200404081421.i38ELdgJ003094@arch20m.dellroad.org>

On Thu, Apr 08, 2004 at 09:21:39AM -0500, Archie Cobbs wrote:
> Ruslan Ermilov wrote:
> > > > On RELENG_4, ng_bridge(4) has an easily exploitable memory leak,
> > > > and may quickly run system out of mbufs.  It's enough to just
> > > > have only one link connected to the bridge, e.g., the "upper"
> > > > hook of the ng_ether(4) with IP address assigned, and pinging
> > > > the broadcast IP address on the interface.  The bug is more
> > > > real when constructing a bridge, or, like we experienced it,
> > > > by shutting down all except one bridge's link.  The following
> > > > patch fixes it:
> > > >
> > [snipped]
> >
> > > > An alternate solution is to MFC most of ng_bridge.c,v 1.8.  Julian?
> > >
> > > what does an MFC diff look like?
> > > (bridge is one of Archie's nodes)
>
> I'd just like to add a personal note... "Oops!"
>

OK, I've committed my patch now, after testing it locally.

Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer