On 12/03/15(Thu) 09:53, Henk Jan Agteresch wrote:
> On Tue, 10 Mar 2015, Martin Pieuchot wrote:
>
> >
> > Here's a first diff that should prevent the stack smashing. Could you
> > run with it and tell me if the ARP entry gets overwritten as in 5.5?
> >
>
> Patch works for me. Arp entry gets overwritten. No more panics during
> network configuring.
>
> # dmesg |grep arp
> arpresolve: 213.154.229.23: incorrect arp information
> arpresolve: 213.154.229.23: incorrect arp information
> arpresolve: 213.154.229.23: incorrect arp information
> arpresolve: 213.154.229.23: incorrect arp information
> arpresolve: 213.154.229.23: incorrect arp information
> arp info overwritten for 213.154.229.23 by fe:54:00:b2:8c:98 on pcn0

Thanks for testing, I'll try to cook another diff to not encode the name
of the interface in the arp information.

Here's the same diff with the nit pointed out by krw@ fixed, any ok?

Index: netinet/if_ether.c
===================================================================
RCS file: /cvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.146
diff -u -p -r1.146 if_ether.c
--- netinet/if_ether.c 11 Feb 2015 23:34:43 -0000 1.146
+++ netinet/if_ether.c 10 Mar 2015 15:25:48 -0000
@@ -399,6 +399,13 @@ arpresolve(struct arpcom *ac, struct rte
return (EINVAL);
}
sdl = SDL(rt->rt_gateway);
+ if (sdl->sdl_alen > 0 && sdl->sdl_alen != ETHER_ADDR_LEN) {
+ log(LOG_DEBUG, "%s: %s: incorrect arp information\n", __func__,
+ inet_ntop(AF_INET, &satosin(dst)->sin_addr,
+ addr, sizeof(addr)));
+ m_freem(m);
+ return (EINVAL);
+ }
/*
* Check the address family and length is valid, the address
* is resolved; otherwise, try to resolve.
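
Review bot: The new sdl_alen test in arpresolve() carries no comment explaining why a length of 0 is let through while any other length that is not ETHER_ADDR_LEN is rejected. A one-line comment above the "if" saying that 0 means "not yet resolved" and falls through to the existing resolve path would keep a later cleanup from tightening it to a plain "!= ETHER_ADDR_LEN" as in the nd6 hunk. The log() call also fires on every rejected packet (the tester's dmesg shows five identical lines for one address), so a rate limit or log-once flag on the entry is worth considering. Finally, "addr" is used here but declared outside the visible context; please confirm it is at least INET_ADDRSTRLEN bytes.
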
Index: netinet6/nd6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.131
diff -u -p -r1.131 nd6.c
--- netinet6/nd6.c 11 Feb 2015 23:34:43 -0000 1.131
+++ netinet6/nd6.c 12 Mar 2015 09:35:34 -0000
@@ -1868,13 +1868,11 @@ nd6_storelladdr(struct ifnet *ifp, struc
return (EINVAL);
}
sdl = SDL(rt->rt_gateway);
- if (sdl->sdl_alen == 0) {
+ if (sdl->sdl_alen != ETHER_ADDR_LEN) {
char addr[INET6_ADDRSTRLEN];
- /* this should be impossible, but we bark here for debugging */
- printf("nd6_storelladdr: sdl_alen == 0, dst=%s, if=%s\n",
+ log(LOG_DEBUG, "%s: %s: incorrect nd6 information\n", __func__,
inet_ntop(AF_INET6, &satosin6(dst)->sin6_addr,
- addr, sizeof(addr)),
- ifp->if_xname);
+ addr, sizeof(addr)));
m_freem(m);
return (EINVAL);
}
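
Review bot: Changing the test in nd6_storelladdr() from "sdl_alen == 0" to "sdl_alen != ETHER_ADDR_LEN" makes the unresolved case (length 0) and the wrong-length case share one "incorrect nd6 information" message, and the removed comment that length 0 "should be impossible" is not replaced. Either keep a short comment stating that both cases are treated as errors here, unlike arpresolve() where 0 is allowed through, or log the offending sdl_alen value so the two can be told apart in dmesg. The new message also drops ifp->if_xname, which was the only hint about which interface the bad entry was seen on; if that is intentional, say so in the commit message.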