From owner-freebsd-bugs@FreeBSD.ORG  Wed Apr  7 18:30:04 2010
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C2F5D106566C
	for <freebsd-bugs@hub.freebsd.org>;
	Wed,  7 Apr 2010 18:30:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 859F28FC1D
	for <freebsd-bugs@hub.freebsd.org>;
	Wed,  7 Apr 2010 18:30:04 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o37IU43d087170
	for <freebsd-bugs@freefall.freebsd.org>; Wed, 7 Apr 2010 18:30:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o37IU4bs087165;
	Wed, 7 Apr 2010 18:30:04 GMT (envelope-from gnats)
Resent-Date: Wed, 7 Apr 2010 18:30:04 GMT
Resent-Message-Id: <201004071830.o37IU4bs087165@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Aleksey <otim@mail.ru>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 65A0D1065688
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed,  7 Apr 2010 18:25:03 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 553508FC0C
	for <freebsd-gnats-submit@FreeBSD.org>;
	Wed,  7 Apr 2010 18:25:03 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o37IP2WC090764
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 7 Apr 2010 18:25:02 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o37IP2cx090763;
	Wed, 7 Apr 2010 18:25:02 GMT (envelope-from nobody)
Message-Id: <201004071825.o37IP2cx090763@www.freebsd.org>
Date: Wed, 7 Apr 2010 18:25:02 GMT
From: Aleksey <otim@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/145462: [patch] panic kernel when ng_ipfw send ip package on
	not existing netgraph node
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Apr 2010 18:30:04 -0000


>Number:         145462
>Category:       kern
>Synopsis:       [patch] panic kernel when ng_ipfw send ip package on not existing netgraph node
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 07 18:30:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Aleksey
>Release:        7.3-RELEASE
>Organization:
MKC
>Environment:
FreeBSD nas2.test 7.3-RELEASE FreeBSD 7.3-RELEASE #2: Wed Apr  7 01:12:12 OMSST 2010     root@nas2.test:/usr/obj/usr/src/sys/GW  i386

>Description:
When ng_ipfw send ip package on not existing netgraph node, package must is rejected. Dead node, causes panic a kernel, at issues of the package in it.
>How-To-Repeat:
ipfw add 1 netgraph 1 all from me to any
ping 127.0.0.1
>Fix:
--- /usr/src/sys/netgraph/ng_ipfw.c.orig        2010-02-10 06:26:20.000000000 +0600
+++ /usr/src/sys/netgraph/ng_ipfw.c     2010-04-08 01:13:31.000000000 +0700
@@ -271,8 +271,10 @@
         */
        if (fw_node == NULL ||
           (hook = ng_ipfw_findhook1(fw_node, fwa->cookie)) == NULL) {
-               if (tee == 0)
+               if (tee == 0) {
                        m_freem(*m0);
+                       *m0 = NULL;
+               }
                return (ESRCH);         /* no hook associated with this rule */
        }


>Release-Note:
>Audit-Trail:
>Unformatted: