Site Navigation

Date:      Wed, 18 Mar 2015 18:01:42 +0100
From:      Alexandre Martins <alexandre.martins@stormshield.eu>
To:        'freebsd-current' <freebsd-current@freebsd.org>
Subject:   Possible race in IPv6
Message-ID:  <95157304.ieSUkydfeD@pc-alex>

---

index | next in thread | raw e-mail

---

[-- Attachment #1 --]
Dear,

I'm facing some crash around manipulations of IPv6 address.

I already found that the commit 275593 will fix my issue.

However, after some code review, i see a possible race in the function 
nd6_na_input:

https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_nbr.c?annotate=279676#l750

=-=-=-=-=-=-=-=-=-=
if (ifa
 && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
 ifa_free(ifa);
 nd6_dad_na_input(ifa);
 goto freeit;
}
=-=-=-=-=-=-=-=-=-=

As you can see, the function drop its reference on the address and pass it to 
nd6_dad_na_input.
It should be better to release the reference after the call.

What about you?

Regards

-- 
Alexandre Martins
STORMSHIELD


[-- Attachment #2 --]
0�	*�H��

��0�

10	+0�	*�H��


���0��0�n�
����0
	*�H��


0H10	UFR10U
STORMSHIELD1#0!UStormshield Root Authority0
140904150710Z
240901150710Z0I10	UFR10U
STORMSHIELD1$0"UStormshield Users Authority0�
"0
	*�H��



�
0�

�

‡���X������6�[�t�.��DUge0-2���;�h@��e�Ȼ�ClΫ����pB#��M��,�F��Y=���.���{�y�a�{����2�π�ߢ
�7�	�<���d��~O;�ޅ�ԋ&C�8�ُ6@C���X��X���>|a��b��qen�m�I���,���	�O��—���&����'۰�@���%OhW�&���
{5��2D%�_8#f]G0�c�t� �����y�\�

�v0t0U�m�l���||uu�4�[�ׁ0U#0��B��gD��a���P����0U

�0

�0U

�
0	`�H
��B


0
	*�H��


�
N��9-؞�>m�-��K��!�M-��7zD6I�Zʾr��>q����?�u�
��?��xr�6��_�'Nջ��Z�7��]����V�\5Y&�)�)�m�@~����^������Q�dp/H3ͦ��`��
�o⬋�U,�z,���0B�d����p�!C2
K�8�.�r>�0�������-1��!�C��%��3�U�2��Ϡ��M�g���~3͟w�����Ͳ�AZ&��v��F�/�BA�$����_���ڀ�V�!
���s��7��)��=��-�n�P>��qH�~�g/Rs��,�P���A���J�Vm#Q���X���J��o
�*�/��󞁃��V|����s����Ŀ��j~���y�߽j
���3��������]��v�3ƌq
�e`Y|H�B3l�C���!�^J2$4A`�Z+(�
�7b{�e˄w���ʈ�<L=�6�[���3`>IQFaiܝ ?�:_�y��Ԋ
/��`���0��0�ޠ
�(��0
	*�H��


0I10	UFR10U
STORMSHIELD1$0"UStormshield Users Authority0
140904151038Z
150904151038Z0p10	UFR10U
STORMSHIELD10UAlexandre MARTINS1/0-	*�H��

	
 alexandre.martins@stormshield.eu0�
"0
	*�H��



�
0�

�

�����'l(b�Ox����<yl�iĻ�T��$��}�C1��#�q�u�Q��^��O��n�^�H"Ca9e��1`��s	+���:�B�u8x�����A�IE��<{�H�*K�bҚ������$�(�d��z ��E�kUX�fצ+돩T�'�x�Oחv�9���L�Ot�rZߤ�ʭŜʨ��c�͈�F��
�1��3/E;�NV��̓�
�X�đ��_Q���H�t���@J�;���F�'`���'r�regC

���0��0U��H��+��R��6��"��6�0U#0��m�l���||uu�4�[�ׁ0	U00U

��0+U$0"� alexandre.martins@stormshield.eu0	`�H
��B

�0U%0+
+
0
	*�H��


�

G�07 i֗�^Qځ
;�7��	T�8%�M�
.Ӛ��ɼ,�K��=��^I_����Y�+�����0y�@5�*�r�Բ>����7�c�b\
���+$%�'��|z�����e�nO�A\A�η�;ڋ�ZA�1?Tr�u�1�3?���>>/�ٓ������yC]#�L��ԉ.?<�GΌqN׹j�U2��k`?u�;&)H����4�
�AX�Qº�\��������x*�C9#�55TR�#+�{d�7�Je^�m1�0�
�

0R0I10	UFR10U
STORMSHIELD1$0"UStormshield Users Authority�(��0	+���0	*�H��

	1	*�H��


0	*�H��

	1
150318170142Z0#	*�H��

	1�	�qd�P�4-������0(	*�H��

	100	`�H
e
0
*�H��
0
	*�H��



�
@��~+4�;(x��ZR�M�T3Ϝ���?8+;� -��2=��3���ϗid��i��l�g�B)�8�٘������ҋݡ\4"
PK)������G]����^*
pE���T�/��y�)��?|;EK��������
���������cQ�I�����q�N�G����0���'�J����4|�`^�_�T(:���)~.b�Wm��z(�~��x:�$��G�@sԯ���뾖(Q�������K5r�-E

help

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95157304.ieSUkydfeD>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact