From: Alexandre Martins
To: 'freebsd-current'
Subject: Possible race in IPv6
Date: Wed, 18 Mar 2015 18:01:42 +0100
Organization: NETASQ

Dear,

I'm facing some crashes around manipulation of IPv6 addresses. I already found that commit 275593 will fix my issue.

However, after some code review, I see a possible race in the function nd6_na_input:

https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_nbr.c?annotate=279676#l750

=-=-=-=-=-=-=-=-=-=
    if (ifa && (((struct in6_ifaddr *)ifa)->ia6_flags & IN6_IFF_TENTATIVE)) {
        ifa_free(ifa);
        nd6_dad_na_input(ifa);
        goto freeit;
    }
=-=-=-=-=-=-=-=-=-=

As you can see, the function drops its reference on the address and passes it to nd6_dad_na_input.

It should be better to release the reference after the call.

What about you?

Regards

-- 
Alexandre Martins
STORMSHIELD
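
Added example, not part of the original message and not FreeBSD code: a single-threaded C model of the ordering issue raised above, comparing release-then-use with use-then-release when another context drops the remaining reference in between. All toy_* names are hypothetical, and the starting state (one reference held by the address list, one by the caller) is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy stand-in for a refcounted interface address (hypothetical, not kernel code). */
struct toy_ifaddr {
    int  refs;   /* reference count */
    bool live;   /* false once the last reference has been dropped */
};

/* Constructed state: one reference held by the address list, one by the caller. */
static struct toy_ifaddr toy_lookup(void)
{
    return (struct toy_ifaddr){ .refs = 2, .live = true };
}

/* Drop one reference; the last drop marks the object dead instead of freeing it. */
static void toy_free(struct toy_ifaddr *a)
{
    if (--a->refs == 0)
        a->live = false;
}

/* Stand-in for the DAD handler: reports whether its argument was still valid. */
static bool toy_dad_input(const struct toy_ifaddr *a) { return a->live; }

/* Order in the quoted snippet: release first, then pass the pointer on. */
static bool release_then_use(struct toy_ifaddr *a, bool racing_remove)
{
    toy_free(a);              /* caller's reference is gone */
    if (racing_remove)
        toy_free(a);          /* another context drops the list's reference */
    return toy_dad_input(a);  /* callee may now see a dead object */
}

/* Suggested order: the caller's reference pins the object across the call. */
static bool use_then_release(struct toy_ifaddr *a, bool racing_remove)
{
    if (racing_remove)
        toy_free(a);          /* list's reference dropped, caller's remains */
    bool ok = toy_dad_input(a);
    toy_free(a);              /* release only after the last use */
    return ok;
}
int main(void)
{
    struct toy_ifaddr a = toy_lookup(), b = toy_lookup();
    printf("release-then-use: live=%d\n", release_then_use(&a, true));
    printf("use-then-release: live=%d\n", use_then_release(&b, true));
}
```

In the model the "free" only flips a flag so the outcome can be observed safely; in real code the first ordering would hand the callee a pointer to memory that may already have been released.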