Author: gordon
Date: Thu Sep 27 18:29:55 2018
New Revision: 338978
URL: https://svnweb.freebsd.org/changeset/base/338978

Log:
  Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
  
  Approved by:  so
  Security:     FreeBSD-EN-18:09.ip

Modified:
  releng/11.1/UPDATING
  releng/11.1/sys/conf/newvers.sh
  releng/11.1/sys/netinet6/frag6.c
  releng/11.2/UPDATING
  releng/11.2/sys/conf/newvers.sh
  releng/11.2/sys/netinet6/frag6.c

Modified: releng/11.1/UPDATING
==============================================================================
--- releng/11.1/UPDATING        Thu Sep 27 18:14:01 2018        (r338977)
+++ releng/11.1/UPDATING        Thu Sep 27 18:29:55 2018        (r338978)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20180927       p15     FreeBSD-EN-18:09.ip
+                       FreeBSD-EN-18:10.syscall
+                       FreeBSD-EN-18:11.listen
+                       FreeBSD-EN-18:12.mem
+
+       Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
+
+       Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
+
+       Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
+
+       Fix small kernel memory disclosures. [EN-18:12.mem]
+
 20180912       p14     FreeBSD-SA-18:12.elf
                        FreeBSD-EN-18:08.lazyfpu
 
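Review bot: The new 20180927 p15 entry announces four notices (EN-18:09.ip, EN-18:10.syscall, EN-18:11.listen, EN-18:12.mem), but the Modified list of this changeset covers only UPDATING, newvers.sh and sys/netinet6/frag6.c, so only the EN-18:09.ip fix is present at this revision. A tree checked out at r338978 identifies itself as p15 while lacking the other three fixes. The log should say that they land in follow-up revisions, or the UPDATING entry should go in with the last of them.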

Modified: releng/11.1/sys/conf/newvers.sh
==============================================================================
--- releng/11.1/sys/conf/newvers.sh     Thu Sep 27 18:14:01 2018        
(r338977)
+++ releng/11.1/sys/conf/newvers.sh     Thu Sep 27 18:29:55 2018        
(r338978)
@@ -44,7 +44,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.1"
-BRANCH="RELEASE-p14"
+BRANCH="RELEASE-p15"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/11.1/sys/netinet6/frag6.c
==============================================================================
--- releng/11.1/sys/netinet6/frag6.c    Thu Sep 27 18:14:01 2018        
(r338977)
+++ releng/11.1/sys/netinet6/frag6.c    Thu Sep 27 18:29:55 2018        
(r338978)
@@ -216,7 +216,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
        int offset = *offp, nxt, i, next;
        int first_frag = 0;
        int fragoff, frgpartlen;        /* must be larger than u_int16_t */
-       uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
+       uint32_t hashkey[(sizeof(struct in6_addr) * 2 +
+                   sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)];
+       uint32_t hash, *hashkeyp;
        struct ifnet *dstifp;
        u_int8_t ecn, ecn0;
 #ifdef RSS
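Review bot: The new bound on hashkey, "(sizeof(struct in6_addr) * 2 + sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)", relies on the byte total being an exact multiple of sizeof(uint32_t); integer division would silently drop a remainder and leave the array one word short if either type ever changed size. A compile-time assertion on that divisibility next to the declaration would make the assumption explicit. The removed line, "hashkey[sizeof(struct in6_addr) * 2 + 1]", used a byte count plus one as the element count of a uint32_t array, which is exactly the unit mix-up such an assertion would guard against.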

Modified: releng/11.2/UPDATING
==============================================================================
--- releng/11.2/UPDATING        Thu Sep 27 18:14:01 2018        (r338977)
+++ releng/11.2/UPDATING        Thu Sep 27 18:29:55 2018        (r338978)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG and 
 the tip of head, and then rebuild without this option. The bootstrap process
 from older version of current across the gcc/clang cutover is a bit fragile.
 
+20180927       p4      FreeBSD-EN-18:09.ip
+                       FreeBSD-EN-18:10.syscall
+                       FreeBSD-EN-18:11.listen
+                       FreeBSD-EN-18:12.mem
+
+       Fix regression in IPv6 fragment reassembly. [EN-18:09.ip]
+
+       Fix NULL pointer dereference in freebsd4_getfsstat. [EN-18:10.syscall]
+
+       Fix DoS in listen syscall over IPv6 socket. [EN-18:11.listen]
+
+       Fix small kernel memory disclosures. [EN-18:12.mem]
+
 20180912       p3      FreeBSD-SA-18:12.elf
                        FreeBSD-EN-18:08.lazyfpu
 

Modified: releng/11.2/sys/conf/newvers.sh
==============================================================================
--- releng/11.2/sys/conf/newvers.sh     Thu Sep 27 18:14:01 2018        
(r338977)
+++ releng/11.2/sys/conf/newvers.sh     Thu Sep 27 18:29:55 2018        
(r338978)
@@ -44,7 +44,7 @@
 
 TYPE="FreeBSD"
 REVISION="11.2"
-BRANCH="RELEASE-p3"
+BRANCH="RELEASE-p4"
 if [ -n "${BRANCH_OVERRIDE}" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/11.2/sys/netinet6/frag6.c
==============================================================================
--- releng/11.2/sys/netinet6/frag6.c    Thu Sep 27 18:14:01 2018        
(r338977)
+++ releng/11.2/sys/netinet6/frag6.c    Thu Sep 27 18:29:55 2018        
(r338978)
@@ -216,7 +216,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
        int offset = *offp, nxt, i, next;
        int first_frag = 0;
        int fragoff, frgpartlen;        /* must be larger than u_int16_t */
-       uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
+       uint32_t hashkey[(sizeof(struct in6_addr) * 2 +
+                   sizeof(ip6f->ip6f_ident)) / sizeof(uint32_t)];
+       uint32_t hash, *hashkeyp;
        struct ifnet *dstifp;
        u_int8_t ecn, ecn0;
 #ifdef RSS
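Review bot: The hashkey declaration needs a comment explaining why its element count matters: the hunk changes the array from "sizeof(struct in6_addr) * 2 + 1" elements to the exact number of uint32_t words in two addresses plus ip6f_ident, but neither the log ("Fix regression in IPv6 fragment reassembly") nor the code says how the array length affects reassembly. A one-line comment stating what the key holds and that the array must be exactly that long would keep a later edit from reintroducing extra words. Separately, sizeof(ip6f->ip6f_ident) needs ip6f to be in scope at this point; its declaration is not in the visible context, so confirm it precedes this line.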