From owner-freebsd-stable@FreeBSD.ORG Fri Apr 30 02:30:50 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1AD2116A4CE for ; Fri, 30 Apr 2004 02:30:50 -0700 (PDT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59CDB43D58 for ; Fri, 30 Apr 2004 02:30:48 -0700 (PDT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i3U9Zqbd084815 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Apr 2004 12:35:54 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i3U9UAA1000445; Fri, 30 Apr 2004 12:30:10 +0300 (EEST) (envelope-from ru) Date: Fri, 30 Apr 2004 12:30:10 +0300 From: Ruslan Ermilov To: Archie Cobbs Message-ID: <20040430093010.GA394@ip.net.ua> References: <20040408100929.GD16290@ip.net.ua> <200404081421.i38ELdgJ003094@arch20m.dellroad.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB" Content-Disposition: inline In-Reply-To: <200404081421.i38ELdgJ003094@arch20m.dellroad.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: stable@FreeBSD.org cc: Julian Elischer Subject: Re: ng_bridge(4) has an easily exploitable memory leak X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Apr 2004 09:30:50 -0000 --DocE+STaALJfprDB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Apr 08, 2004 at 09:21:39AM -0500, Archie Cobbs wrote: > Ruslan Ermilov wrote: > > > > On RELENG_4, ng_bridge(4) has an easily exploitable memory leak, > > > > and may quickly run system out of mbufs. It's enough to just > > > > have only one link connected to the bridge, e.g., the "upper" > > > > hook of the ng_ether(4) with IP address assigned, and pinging > > > > the broadcast IP address on the interface. The bug is more > > > > real when constructing a bridge, or, like we experienced it, > > > > by shutting down all except one bridge's link. The following > > > > patch fixes it: > > > >=20 > > [snipped] > >=20 > > > > An alternate solution is to MFC most of ng_bridge.c,v 1.8. Julian? > > >=20 > > > what does an MFC diff look like? > > > (bridge is one of archies's nodes) >=20 > I'd just like to add a personal note... "Oops!" >=20 OK, I've committed my patch now, after testing it locally. Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --DocE+STaALJfprDB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAkhyiUkv4P6juNwoRAgCuAJ9K//gXmWJTzTotmeWAmfwGcOuFCgCfcMhV DxefgMiI0xUriY/ncbU4oI8= =4yvp -----END PGP SIGNATURE----- --DocE+STaALJfprDB--