On 18.03.2015 20:01, Alexandre Martins wrote:
Dear,
I'm facing some crash around manipulations of IPv6 address.
I already found that the commit 275593 will fix my issue.
However, after some code review, i see a possible race in the function
nd6_na_input:
https://svnweb.freebsd.org/base/head/sys/netinet6/nd6_nbr.c?annotate=279676#l750
=-=-=-=-=-=-=-=-=-=
if (ifa
(((struct in6_ifaddr *)ifa)-ia6_flags IN6_IFF_TENTATIVE)) {
ifa_free(ifa);
nd6_dad_na_input(ifa);
goto freeit;
}
=-=-=-=-=-=-=-=-=-=
As you can see, the function drop its reference on the address and pass it to
nd6_dad_na_input.
It should be better to release the reference after the call.
What about you?
Hi,
Actually nd6_dad_na_input() uses ifa only for addresses comparison, so
there shouldn't be some negative impact in this race. But for the better
code logic I'll commit this change. Thanks.
--
WBR, Andrey V. Elsukov
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org