Date: Tue, 20 Oct 2009 17:55:42 +0000 (UTC)
From: Qing Li <qingli@FreeBSD.org>
To: cvs-src-old@freebsd.org
Subject: cvs commit: src/sys/netinet if_ether.c
Message-ID: <200910201756.n9KHu1eb088495@repoman.freebsd.org>

qingli      2009-10-20 17:55:42 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          if_ether.c
  Log:
  SVN rev 198301 on 2009-10-20 17:55:42Z by qingli

  In the ARP callout timer expiration function, the current time_second
  is compared against the entry expiration time value (that was set based
  on time_second) to check if the current time is larger than the set
  expiration time. Due to the +/- timer granularity value, the comparison
  returns false, causing the alternative code to be executed. The
  alternative code path freed the memory without removing that entry
  from the table list, causing a use-after-free bug.

  Reviewed by:    discussed with kmacy
  MFC after:      immediately
  Verified by:    rnoland, yongari

  Revision  Changes    Path
  1.214     +9 -9      src/sys/netinet/if_ether.c
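
The failure mode described in the log, as an added example that is not part of the original message and is not FreeBSD code. It is a constructed model: every name in it (struct entry, timer_buggy, timer_unlink_first, simulate) is hypothetical, a flag stands in for free() so the dangling link can be counted without undefined behaviour, and the unlink-first variant is one assumed hardening, not the change made in rev 198301.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model, not FreeBSD code: a table list of ARP-like entries. */
struct entry {
    struct entry *next;  /* table list linkage */
    long expire;         /* armed from the seconds clock, like time_second */
    bool freed;          /* stands in for free(), so the walk below stays defined */
};
static struct entry pool[3], *table;
static void table_init(long expire) {
    table = NULL;
    for (size_t i = 0; i < 3; i++) {
        pool[i] = (struct entry){ .next = table, .expire = expire, .freed = false };
        table = &pool[i];
    }
}
static void table_unlink(struct entry *e) {
    for (struct entry **pp = &table; *pp != NULL; pp = &(*pp)->next)
        if (*pp == e) { *pp = e->next; return; }
}
/* Pattern from the log: only the "expired" branch unlinks before freeing. */
static void timer_buggy(struct entry *e, long now) {
    if (now > e->expire)
        table_unlink(e);
    e->freed = true;     /* comparison false: freed while still on the list */
}
/* Assumed hardening: teardown never depends on the clock comparison. */
static void timer_unlink_first(struct entry *e, long now) {
    (void)now;
    table_unlink(e);
    e->freed = true;
}
/* Count freed entries still reachable from the table (dangling links). */
static int dangling(void) {
    int n = 0;
    for (struct entry *e = table; e != NULL; e = e->next)
        n += e->freed;
    return n;
}
/* Fire the timer for one entry at time `now`; report dangling links. */
int simulate(void (*timer)(struct entry *, long), long expire, long now) {
    table_init(expire);
    timer(&pool[1], now);
    return dangling();
}
int main(void) {
    printf("fired in expiry second: buggy=%d unlink-first=%d dangling\n",
           simulate(timer_buggy, 100, 100), simulate(timer_unlink_first, 100, 100));
    return 0;
}
```

A callout that fires in the same second as the stored expiry, or one tick early, makes the strict comparison false, which is the granularity case the log describes.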