Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-doc
 Path: blob/main/website/static/security/patches/EN-12:02/ipv6refcount-83.patch
18096 views
1
Index: sys/netinet6/in6.c

2
===================================================================

3
--- sys/netinet6/in6.c.orig

4
+++ sys/netinet6/in6.c

5
@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c

6
 			hostid = IFA_IN6(ifa);

7
 

8
 			/* prefixlen must be <= 64. */

9
-			if (64 < iflr->prefixlen)

10
+			if (64 < iflr->prefixlen) {

11
+				if (ifa != NULL)

12
+					ifa_free(ifa);

13
 				return EINVAL;

14
+			}

15
 			prefixlen = iflr->prefixlen;

16
 

17
 			/* hostid part must be zero. */

18
 			sin6 = (struct sockaddr_in6 *)&iflr->addr;

19
 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||

20
 			    sin6->sin6_addr.s6_addr32[3] != 0) {

21
+				if (ifa != NULL)

22
+					ifa_free(ifa);

23
 				return EINVAL;

24
 			}

25
 		} else

26
@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr

27
 		IF_ADDR_UNLOCK(ifp);

28
 		return (struct in6_ifaddr *)ifa;

29
 	}

30
-	IF_ADDR_UNLOCK(ifp);

31
 

32
 	/* use the last-resort values, that are, deprecated addresses */

33
-	if (dep[0])

34
+	if (dep[0]) {

35
+		ifa_ref((struct ifaddr *)dep[0]);

36
+		IF_ADDR_UNLOCK(ifp);

37
 		return dep[0];

38
-	if (dep[1])

39
+	}

40
+	if (dep[1]) {

41
+		ifa_ref((struct ifaddr *)dep[1]);

42
+		IF_ADDR_UNLOCK(ifp);

43
 		return dep[1];

44
+	}

45
 

46
+	IF_ADDR_UNLOCK(ifp);

47
 	return NULL;

48
 }

49
 

50
Index: sys/netinet6/ip6_input.c

51
===================================================================

52
--- sys/netinet6/ip6_input.c.orig

53
+++ sys/netinet6/ip6_input.c

54
@@ -879,19 +879,23 @@ passin:

55
 	 * as our interface address (e.g. multicast addresses, addresses

56
 	 * within FAITH prefixes and such).

57
 	 */

58
-	if (deliverifp && !ip6_getdstifaddr(m)) {

59
+	if (deliverifp) {

60
 		struct in6_ifaddr *ia6;

61
 

62
-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);

63
-		if (ia6) {

64
-			if (!ip6_setdstifaddr(m, ia6)) {

65
-				/*

66
-				 * XXX maybe we should drop the packet here,

67
-				 * as we could not provide enough information

68
-				 * to the upper layers.

69
-				 */

70
+ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {

71
+			ifa_free(&ia6->ia_ifa);

72
+		} else {

73
+			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);

74
+			if (ia6) {

75
+				if (!ip6_setdstifaddr(m, ia6)) {

76
+					/*

77
+					 * XXX maybe we should drop the packet here,

78
+					 * as we could not provide enough information

79
+					 * to the upper layers.

80
+					 */

81
+				}

82
+				ifa_free(&ia6->ia_ifa);

83
 			}

84
-			ifa_free(&ia6->ia_ifa);

85
 		}

86
 	}

87
 

88
Index: sys/netinet/tcp_input.c

89
===================================================================

90
--- sys/netinet/tcp_input.c.orig

91
+++ sys/netinet/tcp_input.c

92
@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)

93
 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);

94
 		return IPPROTO_DONE;

95
 	}

96
+	if (ia6)

97
+		ifa_free(&ia6->ia_ifa);

98
 

99
 	tcp_input(m, *offp);

100
 	return IPPROTO_DONE;

101
@@ -1240,7 +1242,8 @@ relocked:

102
 				rstreason = BANDLIM_RST_OPENPORT;

103
 				goto dropwithreset;

104
 			}

105
-			ifa_free(&ia6->ia_ifa);

106
+			if (ia6)

107
+				ifa_free(&ia6->ia_ifa);

108
 		}

109
 #endif /* INET6 */

110
 		/*

111


112