Date: Fri, 23 May 2025 13:06:59 GMT From: Kristof Provost <kp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 0a16f62701f1 - main - icmp6: zero out pad space Message-ID: <202505231306.54ND6xFU045735@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0a16f62701f163f85449ad6c6dcf742b5247e8d2 commit 0a16f62701f163f85449ad6c6dcf742b5247e8d2 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2025-05-22 09:23:59 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2025-05-23 13:06:33 +0000 icmp6: zero out pad space In icmp6_redirect_output() we potentially add padding, but failed to clear this memory. This triggered a KMSAN panic during the sys/netinet/carp:unicast_v6 test. Reviewed by: zlei Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D50461 --- sys/netinet6/icmp6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index 764e57ef9b76..eaf8514fd5cf 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -2605,6 +2605,7 @@ nolladdropt: /* pad if easy enough, truncate if not */ if (8 - extra <= M_TRAILINGSPACE(m0)) { /* pad */ + bzero(m0->m_data + m0->m_len, 8 - extra); m0->m_len += (8 - extra); m0->m_pkthdr.len += (8 - extra); } else {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202505231306.54ND6xFU045735>