freebsd-nq/sys
Cy Schubert 666bd4d253 Fix a use after free panic in ipfilter's fragment processing.
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.

A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().

MFC after:	1 week
2017-04-14 03:54:36 +00:00
amd64 Map DMAP as nx. 2017-04-13 15:49:55 +00:00
arm Use proper fields to check for interrupt trigger mode. 2017-04-13 14:23:27 +00:00
arm64 Rather than checking if the top bit in a virtual address is a 0 or 1 2017-04-13 16:57:02 +00:00
boot loader: Avoid possible overflow via environment variable 2017-04-13 17:11:49 +00:00
bsm Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT: 2017-03-26 21:14:49 +00:00
cam Fix few minor issues found by Clang Analyzer. 2017-04-09 07:54:39 +00:00
cddl Fix vdev_geom_attach_by_guids for partitioned disks 2017-04-13 14:51:34 +00:00
compat linux_ioctl: Refactor some v4l2 struct converters 2017-04-13 17:34:51 +00:00
conf Disable fformat-extensions for RISC-V target as GCC 6.1 external compiler 2017-04-12 10:40:30 +00:00
contrib Fix a use after free panic in ipfilter's fragment processing. 2017-04-14 03:54:36 +00:00
crypto Implement boot-time encryption key passing (keybuf) 2017-04-01 05:05:22 +00:00
ddb Fix printing of negative offsets (typically from frame pointers) again. 2017-03-26 18:46:35 +00:00
dev Remove unnecessary check against NULL. txp_ext_command() with 2017-04-14 03:23:03 +00:00
fs Add an NFSv4.1 mount option for "use one openowner". 2017-04-13 21:54:19 +00:00
gdb
geom Handle NULL entries in gmirror disk ds_bios arrays. 2017-04-10 17:15:59 +00:00
gnu Update our device tree files to a Linux 4.10 2017-03-07 13:56:49 +00:00
i386 Corrected misspelled versions of rendezvous. 2017-04-09 02:00:03 +00:00
isa Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
kern Don't prefix zero with 0x in assym.s. 2017-04-13 15:43:44 +00:00
kgssapi
libkern Use inline asm instead of unportable intrinsics for the SSE4 crc32 2017-03-26 10:31:48 +00:00
mips This file is also used in libcompiler_rt, so bring in stdbool.h if we're not 2017-04-11 13:31:27 +00:00
modules Remove the last vestiges of FDC_DEBUG & FD_DEBUG 2017-04-07 16:14:25 +00:00
net Inherit IPv6 checksum offloading flags to vlan interfaces. 2017-04-11 19:23:25 +00:00
net80211 [net80211] refactor out "add slot" and "purge slot" for A-MPDU. 2017-04-11 07:05:55 +00:00
netgraph mppc - Finish plugging NETGRAPH_MPPC_COMPRESSION. 2017-01-20 00:02:11 +00:00
netinet Clear h/w csum flags on mbuf handled by UDP. 2017-04-13 17:03:57 +00:00
netinet6 Clear h/w csum flags on mbuf handled by UDP. 2017-04-13 17:03:57 +00:00
netipsec Add large replay window support to setkey(8) and libipsec. 2017-04-13 14:44:17 +00:00
netnatm
netpfil Fix potential NULL deref. 2017-04-14 01:56:15 +00:00
netsmb
nfs Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nfsclient Add an NFSv4.1 mount option for "use one openowner". 2017-04-13 21:54:19 +00:00
nfsserver Renumber copyright clause 4 2017-02-28 23:42:47 +00:00
nlm
ofed Add full VNET support to the inet_get_local_port_range() function in 2017-03-22 15:46:31 +00:00
opencrypto Don't leak a session and lock if a GMAC key has an invalid length. 2017-04-05 01:46:41 +00:00
powerpc Corrected misspelled versions of rendezvous. 2017-04-09 02:00:03 +00:00
riscv Provide a NULL pointer to device tree blob so GENERIC kernel 2017-04-12 10:34:50 +00:00
rpc Fix a crash during unmount of an NFSv4.1 mount. 2017-04-10 22:47:18 +00:00
security Break audit_bsm_klib.c into two files: one (audit_bsm_klib.c) 2017-04-03 10:15:58 +00:00
sparc64 Corrected misspelled versions of rendezvous. 2017-04-09 02:00:03 +00:00
sys Bump __FreeBSD_version due to r316648, rename of 2017-04-10 17:59:29 +00:00
teken Oops, my fix for bright colors broke bright black some more (in cases 2017-03-27 10:48:28 +00:00
tests
tools [fdt] Make DTBs generated by make_dtb.sh overlay-ready 2017-03-10 22:45:07 +00:00
ufs ufs: Export UFS_MAXNAMLEN to pathconf, statfs 2017-04-05 01:44:03 +00:00
vm Busy the map in vm_map_protect(). 2017-04-10 21:01:42 +00:00
x86 Corrected misspelled versions of rendezvous. 2017-04-09 02:00:03 +00:00
xdr
xen xenstore: fix suspension when using the xenstore device 2017-03-07 09:17:48 +00:00
Makefile Remove pc98 support completely. 2017-01-28 02:22:15 +00:00