Date: Tue, 30 Jun 2009 22:33:12 +0300 From: Mikolaj Golub <to.my.trociny@gmail.com> To: bug-followup@FreeBSD.org Cc: freebsd-net@FreeBSD.org, Alexander Motin <mav@FreeBSD.org>, Sergei Cherveni <sergei.cherveni@gmail.com> Subject: Re: kern/134557: [netgraph] [hang] 7.2 with mpd5.3 hanging up - ng_pptp problem Message-ID: <86ocs5zfd3.fsf@kopusha.onet> In-Reply-To: <200906101720.n5AHK3pr036971@freefall.freebsd.org> (Roar Pettersen's message of "Wed\, 10 Jun 2009 17\:20\:03 GMT") References: <200906101720.n5AHK3pr036971@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
----------
Author: mav
Date: Sat Jan 31 12:48:09 2009 UTC (4 months, 4 weeks ago)
Log Message:
MFC rev. 187495
Check for infinite recursion possible on some broken PPTP/L2TP/... VPN setups.
Mark packets with mbuf_tag on first interface passage and drop on second.
PR: ports/129625, ports/125303
----------
If a packet goes through two or more ng interfaces, "while" loop in the tag
checking code can run infinitely. The attached patch should fix this.
--
Mikolaj Golub
[-- Attachment #2 --]
--- netgraph/ng_iface.c.orig 2009-06-30 21:47:54.000000000 +0300
+++ netgraph/ng_iface.c 2009-06-30 21:49:29.000000000 +0300
@@ -365,7 +365,8 @@
}
/* Protect from deadly infinite recursion. */
- while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, NULL))) {
+ mtag = NULL;
+ while ((mtag = m_tag_locate(m, MTAG_NGIF, MTAG_NGIF_CALLED, mtag))) {
if (*(struct ifnet **)(mtag + 1) == ifp) {
log(LOG_NOTICE, "Loop detected on %s\n", ifp->if_xname);
m_freem(m);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ocs5zfd3.fsf>