CVSROOT: /cvs
Module name: src
Changes by: mi...@cvs.openbsd.org 2015/09/24 08:01:20

Modified files:
	sys/net : if_trunk.c trunklacp.c

Log message:
Avoid a theoretical m_pullup(9) mishandling by delegating the mbuf
reclaiming to the PDU and marker input routines.

m_pullup may return a pointer to the newly allocated mbuf. In this
case m_freem is called by the trunk_input, not by the proto specific
code and pointer to the mbuf is not passed by reference. Therefore
m_freem will either be called on the middle element of the chain
(when the m_pullup call succeeds) or on the stale pointer (when it
frees the chain in the failure case).

Fortunately we should never hit this case as the receive path
uniformly uses contiguous chunks of memory.

Verified with and ok blambert, ok mpi
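
The ownership problem the log message describes, as an added example that is not part of the commit or of OpenBSD's code: a toy buffer chain (`tbuf`, `t_get`, `t_pullup`, `t_freem`, `caller_frees`, `callee_frees` and `run` are hypothetical stand-ins, not the kernel's mbuf API) comparing a caller that frees its original pointer with an input routine that frees the chain it ends up holding. Frees are tracked with a `live` flag in a static pool so the stale free and the leak can be counted without undefined behaviour.

```c
#include <stddef.h>

/* Toy model (assumption): tbuf/t_* stand in for struct mbuf, m_freem
 * and m_pullup(9); `live` lets us observe frees safely. */
struct tbuf { struct tbuf *next; int len, live; };
struct result { int leaked, bad_frees; };
static struct tbuf pool[8];
static int npool, bad_frees;

static struct tbuf *t_get(int len, struct tbuf *next) {
    pool[npool] = (struct tbuf){ next, len, 1 };
    return &pool[npool++];
}
static void t_freem(struct tbuf *b) {          /* free a whole chain */
    for (; b != NULL; b = b->next) {
        if (!b->live) bad_frees++;             /* free through a stale pointer */
        b->live = 0;
    }
}
/* Make the first `need` bytes contiguous. As with m_pullup, success may
 * return a NEW head; failure frees the chain and returns NULL. */
static struct tbuf *t_pullup(struct tbuf *b, int need) {
    int total = 0, left = need;
    if (b->len >= need) return b;              /* already contiguous */
    for (struct tbuf *p = b; p != NULL; p = p->next) total += p->len;
    if (total < need) { t_freem(b); return NULL; }
    for (struct tbuf *p = b; p != NULL && left > 0; p = p->next) {
        int k = p->len < left ? p->len : left;
        p->len -= k; left -= k;                /* bytes move to the new head */
    }
    return t_get(need, b);                     /* old head is now 2nd element */
}
/* Before: the input routine's result is lost, the caller frees its own copy. */
static void caller_frees(struct tbuf *m) {
    (void)t_pullup(m, 8);                      /* new head or NULL never seen */
    t_freem(m);                                /* middle element or stale ptr */
}
/* After: the input routine reclaims whatever chain it ends up holding. */
static void callee_frees(struct tbuf *m) {
    m = t_pullup(m, 8);
    if (m != NULL) t_freem(m);
}
struct result run(int fixed, int len1, int len2) {
    struct result r = { 0, 0 };
    npool = bad_frees = 0;
    struct tbuf *m = t_get(len1, len2 ? t_get(len2, NULL) : NULL);
    if (fixed) callee_frees(m); else caller_frees(m);
    for (int i = 0; i < npool; i++) r.leaked += pool[i].live;
    r.bad_frees = bad_frees;
    return r;
}
```

`run(0, 8, 0)` models the contiguous receive path the log message mentions, where both patterns behave the same; the fragmented and short chains are the cases that separate them.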