.. is it possible to trigger a remote DoS through mbuf exhaustion somehow by exploiting this?
Adrian On 25 April 2013 10:38, Gleb Smirnoff <gleb...@freebsd.org> wrote: > Author: glebius > Date: Thu Apr 25 17:38:04 2013 > New Revision: 249903 > URL: http://svnweb.freebsd.org/changeset/base/249903 > > Log: > Fix couple of mbuf leaks in incoming ARP processing. > > Modified: > head/sys/netinet/if_ether.c > > Modified: head/sys/netinet/if_ether.c > ============================================================================== > --- head/sys/netinet/if_ether.c Thu Apr 25 17:27:13 2013 (r249902) > +++ head/sys/netinet/if_ether.c Thu Apr 25 17:38:04 2013 (r249903) > @@ -558,13 +558,13 @@ in_arpinput(struct mbuf *m) > if (ah->ar_pln != sizeof(struct in_addr)) { > log(LOG_NOTICE, "in_arp: requested protocol length != %zu\n", > sizeof(struct in_addr)); > - return; > + goto drop; > } > > if (allow_multicast == 0 && ETHER_IS_MULTICAST(ar_sha(ah))) { > log(LOG_NOTICE, "arp: %*D is multicast\n", > ifp->if_addrlen, (u_char *)ar_sha(ah), ":"); > - return; > + goto drop; > } > > op = ntohs(ah->ar_op); _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
