Date: Mon, 15 Jun 2015 16:51:17 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-net@FreeBSD.org
Subject: [Bug 200323] BPF userland misuse can crash the system
Message-ID: <bug-200323-2472-I1bS0Vwoi2@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200323-2472@https.bugs.freebsd.org/bugzilla/>
References: <bug-200323-2472@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200323

--- Comment #11 from Ermal Luçi <eri@pfsense.org> ---
(In reply to Kubilay Kocak from comment #10)

OK, I am posting this to Phabricator since I am a FreeBSD developer :)
Just for reference, here is another iteration of the patch:

diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c index fec6aa0..aa370d6 100644 --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -364,6 +364,7 @@ retry: if ((la->la_flags & LLE_VALID) && ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) { bcopy(&la->ll_addr, desten, ifp->if_addrlen); + renew =3D 0; /* * If entry has an expiry time and it is approaching, * see if we need to send an ARP request within this @@ -371,14 +372,22 @@ retry: */ if (!(la->la_flags & LLE_STATIC) && time_uptime + la->la_preempt > la->la_expire) { - arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL); + renew =3D 1; la->la_preempt--; } if (pflags !=3D NULL) *pflags =3D la->la_flags; - error =3D 0; - goto done; + + if (flags & LLE_EXCLUSIVE) + LLE_WUNLOCK(la); + else + LLE_RUNLOCK(la); + + if (renew =3D=3D 1) + arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL); + + return (0); } if (la->la_flags & LLE_STATIC) { /* should not happen! */

--
You are receiving this mail because:
You are the assignee for the bug.
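Review bot: In the first hunk (@@ -364,6 +364,7), the added assignment of 0 to renew has no matching declaration anywhere in the posted hunks. If renew is a new local, the patch needs a hunk declaring it (for example an int alongside the function's other locals); if it already exists in this function, please say so in the review, since it cannot be checked from what is posted here.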
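Review bot: In the second hunk (@@ -371,14 +372,22), the new "return (0);" replaces "goto done;", so this path no longer passes through the done: label and instead open-codes the LLE_WUNLOCK/LLE_RUNLOCK choice. Please confirm that done: performs nothing on this path beyond that unlock, or keep the single exit and issue the deferred arprequest() there after the unlock when renew is set. The hunk also gives no reason for sending the request only after the entry lock is dropped; a short comment above the "if (renew ...)" test stating it would keep a later cleanup from moving the call back under the lock.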