d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
666bd4d253
freebsd-dev/sys/contrib
History
Cy Schubert 666bd4d253 Fix a use after free panic in ipfilter's fragment processing. 
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.

A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().

MFC after:	1 week
2017-04-14 03:54:36 +00:00
..
alpine-hal Update Annapurna Alpine HAL 2016-09-20 09:19:22 +00:00
ck Import CK as of commit 6b141c0bdd21ce8b3e14147af8f87f22b20ecf32 2017-04-09 21:02:05 +00:00
cloudabi Sync in the latest CloudABI generated source files. 2017-01-17 22:03:08 +00:00
dev Merge ACPICA 20170303. 2017-03-03 18:56:15 +00:00
edk2 Copy needed include files from EDK2. This is a minimal set gleened 2017-03-08 02:47:59 +00:00
ipfilter/netinet Fix a use after free panic in ipfilter's fragment processing. 2017-04-14 03:54:36 +00:00
libfdt
libnv Fix style issue in the cnv API. 2016-08-27 13:40:27 +00:00
ncsw Simplify the page tracking for VA<->PA translations. 2016-11-16 05:24:42 +00:00
ngatm
octeon-sdk Fix octeon model comparison in Cavium SDK 2016-10-13 17:16:32 +00:00
rdma/krping krping: Allow the underlying ib_device to handle DMA mappings. 2016-10-24 20:53:44 +00:00
v4l
vchiq/interface Stop including sys/types.h from arm's machine/atomic.h, fix the places 2017-02-11 01:07:46 +00:00
x86emu Optimize ROL and ROR emulations and fix comments. 2016-02-18 23:03:37 +00:00
xz-embedded