Date: Tue, 20 Oct 2009 21:36:56 +0000 (UTC) From: Qing Li <qingli@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/netinet if_ether.c Message-ID: <200910202137.n9KLbEWq016829@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
qingli 2009-10-20 21:36:56 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_8)
sys/netinet if_ether.c
Log:
SVN rev 198308 on 2009-10-20 21:36:56Z by qingli
MFC 198301
In the ARP callout timer expiration function, the current time_second
is compared against the entry expiration time value (that was set based
on time_second) to check if the current time is larger than the set
expiration time. Due to the +/- timer granularity value, the comparison
returns false, causing the alternative code to be executed. The
alternative code path freed the memory without removing that entry
from the table list, causing a use-after-free bug.
Reviewed by: discussed with kmacy
Approved by: re
Verified by: rnoland, yongari
Revision Changes Path
1.208.2.5 +9 -9 src/sys/netinet/if_ether.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910202137.n9KLbEWq016829>