Date: Wed, 18 Mar 2015 18:01:42 +0100 From: Alexandre Martins <alexandre.martins@stormshield.eu> To: 'freebsd-current' <freebsd-current@freebsd.org> Subject: Possible race in IPv6 Message-ID: <95157304.ieSUkydfeD@pc-alex>
next in thread | raw e-mail | index | archive | help
--nextPart7323170.F8fcClRqky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" Dear, I'm facing some crash around manipulations of IPv6 address. I already found that the commit 275593 will fix my issue. However, after some code review, i see a possible race in the function=20= nd6_na_input: https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_nbr.c?annotate=3D= 279676#l750 =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) { ifa_free(ifa); nd6_dad_na_input(ifa); goto freeit; } =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D As you can see, the function drop its reference on the address and pass= it to=20 nd6_dad_na_input. It should be better to release the reference after the call. What about you? Regards =2D-=20 Alexandre Martins STORMSHIELD --nextPart7323170.F8fcClRqky Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIhDCCBIYw ggJuoAMCAQICBQDbzPDtMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYTAkZSMRQwEgYDVQQKDAtT VE9STVNISUVMRDEjMCEGA1UEAwwaU3Rvcm1zaGllbGQgUm9vdCBBdXRob3JpdHkwHhcNMTQwOTA0 MTUwNzEwWhcNMjQwOTAxMTUwNzEwWjBJMQswCQYDVQQGEwJGUjEUMBIGA1UECgwLU1RPUk1TSElF TEQxJDAiBgNVBAMMG1N0b3Jtc2hpZWxkIFVzZXJzIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAMKHBaAL/pVYovuOBYjd4DaxW9F07C4dxexEABdVZ2UwLTKCDu7jkTvw aECel2XxBsi7vH9DbM6roq22ynAMQiOSgwtNmeAsuUaNglk9+5KgLqGX1Hu9F3l/wWG7e/TFD/u/ MpjPgLzfogYKuTfWCas87QfR/GTLEIx+GhNPO57ehdbUiyZDAKs4867ZjzZAA0OFuJ9YuMhYl62e PnxhEpHzYoGzcWVurG2nSaL34izAy8IJFKhP45EHvcKXpRG3tCbsFwP6qeQn27CVQL3h0iVPaFfj Jtj/D+ywDXsTDjXx+DJEJZBfOCNmBn9dRzDZY/10iCADs+D5z/F5E4kfXO8CAwEAAaN2MHQwHQYD VR0OBBYEFKFthGyigIUFfHx1dYA0wRNbl9eBMB8GA1UdIwQYMBaAFLhCqfpnRPB/02GM7KXHUK60 veyjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIBBjAN BgkqhkiG9w0BAQsFAAOCAgEAToL3OS3Ynp0+bYotvNFLqsEhhk0WLRfn2Dd6RDZJzhRayr4Hcvzq PnGdBJGcgz8MpXX5DZQdtT+qyHhy2jZ/BNXpX5onTtW79skTWsA3gAjhXbrK1/tWgFwGNVkmrykc 4yn8bZ5AfsXXGrOaXrwOkqS7rppRqWRwL0gzzabsBbdgDK8OhgQByG/irIvyqFUsunos2u7xk6Ew QuFktaXi6XD9IUMyFwFLojjALqJyPvUwsZKuvrW8yS0x3BD4IYVDnPkltrEzrVWDMprLz6CXD7FN umeK2sN+GTMezZ93A466ve+02c2yt0FaJg+x4naThUYPui/mQhNBlySZnIX9X4iv/9qAlAZW7CEN kJeBc6+uN74Utinu1D2mBK8tuW6HUD7LB/IecUjifq1nL1IPcwgOBZHgrAUszVCa3c1Bvfa2Sr1W bSNRxBcV9udYosD2SvDebw2YKqEvk/Ol856Bg5zRAlZ8xBqbF5bFcwuTq4qKxL//5Wp+kJrknHne 370Oag3X6hviM6ms9pfq18EGvl2NqHbLM8aMcQHnZWBZfEgX2UIzbPtDD7MVvY8h015KMiQ0QWD/ WisoABrmBBcBDKc3YnsT5ot/ZcuEdxLS/73KiKw8TD35NvkXW5CH6DNgPklRRhxhadydfyA/yTpf 4XmZD/zUig0v8h6PEmDL8ugwggP2MIIC3qADAgECAgUAhSjIwzANBgkqhkiG9w0BAQUFADBJMQsw CQYDVQQGEwJGUjEUMBIGA1UECgwLU1RPUk1TSElFTEQxJDAiBgNVBAMMG1N0b3Jtc2hpZWxkIFVz ZXJzIEF1dGhvcml0eTAeFw0xNDA5MDQxNTEwMzhaFw0xNTA5MDQxNTEwMzhaMHAxCzAJBgNVBAYT AkZSMRQwEgYDVQQKDAtTVE9STVNISUVMRDEaMBgGA1UEAwwRQWxleGFuZHJlIE1BUlRJTlMxLzAt BgkqhkiG9w0BCQEWIGFsZXhhbmRyZS5tYXJ0aW5zQHN0b3Jtc2hpZWxkLmV1MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva7AtO0nbBUoYsRPeAP+85Lv4zx5bPdpxLuQVJmFJL6VDH28 Qxoxlq0j/3HGdfFR2sFe+utPledu6F79SCJDYRQ5ZQuS+TFgyvVzCSuVqpw6z0LQdTh4pouCh71B Bb8RSUXX2zx7Fu5IlSpLjGIf0prk1xrz/YyHJLQo2mSusnogi6hF2GsEVViUZtemK+uPqVToJ5oR AAJ4mU/Xl3aCOd7O3UzNT3T0clrfpNHKrcWcyqgE6g/gY/7NiJESRov3De8xzcczLxJFO51ODlaw y8yT1AHyWIDEkcbgX1Gk4s1ImXQDoq6pQEq2O5cIr59GlSd/YBq36Av6J3LGcmVnQwIDAQABo4G9 MIG6MB0GA1UdDgQWBBTL/0iutSuRsFLRxja4yiLlnMg2rTAfBgNVHSMEGDAWgBShbYRsooCFBXx8 dXWANMETW5fXgTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwID6DArBgNVHREEJDAigSBhbGV4YW5k cmUubWFydGluc0BzdG9ybXNoaWVsZC5ldTARBglghkgBhvhCAQEEBAMCBLAwHQYDVR0lBBYwFAYI KwYBBQUHAwQGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQBHvjAZNyBp1pfsgV5R2oECDTsU vzfyvrj1CVTbOCXtg036DS7Tms7oybwsxUv6kQg9iq5eAklfyuz53VkL9IArm/iWn9QwecxANeMq k3Lc1LIMPhqqg6WZDze1G2PfYlwBkputKyQlhifQ8Xx6wJ+avt1lum5P1EFcQfG6zreyOxfai99a QcAxP1Ry3nXQMbUzP5UZkK0+PhYvy9mTv4b1vPWxeUMMXSO1TPXN1IkuPzzvR86MDHFO17l/aqJV Mr6Ea2A/deI7JilI48fb8jTsAaxBWL5RwrreXLXBjKDsEYzrANB4Kn/uQzkjnRM1NVRS+SMro3tk hzfdSmUFXs5tMYICAzCCAf8CAQEwUjBJMQswCQYDVQQGEwJGUjEUMBIGA1UECgwLU1RPUk1TSElF TEQxJDAiBgNVBAMMG1N0b3Jtc2hpZWxkIFVzZXJzIEF1dGhvcml0eQIFAIUoyMMwCQYFKw4DAhoF AKCBhzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNTAzMTgxNzAx NDJaMCMGCSqGSIb3DQEJBDEWBBTXCYYWcWQdzVCBNC29qYuoERzUyjAoBgkqhkiG9w0BCQ8xGzAZ MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzANBgkqhkiG9w0BAQEFAASCAQBAwZF+KzSmOygYeJW3 A1pS6U2rVDPPnJidgz84KzuzIC2NzjI9oA/DM4j/s8+XaWT0ABSPabnhh2zEZ+6CQimqOM4d2ZiL wfebxcTSi92hXDQiARJQSymE/o0HH6n/Eh2vR12ihMXYXgUqCnBFhbytVLMvzwbbedApf9vdP3w7 RUvO+ucfBo6V6hqznw2AjwYcxNbAp7eyAugQY1HMScoGq5ez/HH8TpwFR7mPs4cwx9fdJ7lK2wuP j/U0BAx8wGBelF+mDBFUKDr0+akpfi5iDPhXbZaFeiicfheO8ng64yTq2UcA00Bz1K/70OTrvpYo UY2V7bD+yupLNXKILUUIAAAAAAAA --nextPart7323170.F8fcClRqky--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95157304.ieSUkydfeD>