CoCalc -- ipv6refcount.patch

GitHub Repository: freebsd/freebsd-doc
Path: blob/main/website/static/security/patches/EN-12:02/ipv6refcount.patch
¹⁸⁰⁹⁶ views
1
Index: sys/netinet6/in6.c
2
===================================================================
3
--- sys/netinet6/in6.c.orig
4
+++ sys/netinet6/in6.c
5
@@ -1369,6 +1369,8 @@ in6_purgeaddr(struct ifaddr *ifa)
6
 	}
7
 
8
 cleanup:
9
+	if (ifa0 != NULL)
10
+		ifa_free(ifa0);
11
 
12
 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
13
 	if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
14
@@ -1393,8 +1395,6 @@ cleanup:
15
 			return;
16
 		ia->ia_flags &= ~IFA_ROUTE;
17
 	}
18
-	if (ifa0 != NULL)
19
-		ifa_free(ifa0);
20
 
21
 	in6_unlink_ifa(ia, ifp);
22
 }
23
@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
24
 			hostid = IFA_IN6(ifa);
25
 
26
 			/* prefixlen must be <= 64. */
27
-			if (64 < iflr->prefixlen)
28
+			if (64 < iflr->prefixlen) {
29
+				if (ifa != NULL)
30
+					ifa_free(ifa);
31
 				return EINVAL;
32
+			}
33
 			prefixlen = iflr->prefixlen;
34
 
35
 			/* hostid part must be zero. */
36
 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
37
 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
38
 			    sin6->sin6_addr.s6_addr32[3] != 0) {
39
+				if (ifa != NULL)
40
+					ifa_free(ifa);
41
 				return EINVAL;
42
 			}
43
 		} else
44
@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
45
 		IN6_IFADDR_RUNLOCK();
46
 		return (struct in6_ifaddr *)ifa;
47
 	}
48
-	IN6_IFADDR_RUNLOCK();
49
 
50
 	/* use the last-resort values, that are, deprecated addresses */
51
-	if (dep[0])
52
+	if (dep[0]) {
53
+		ifa_ref((struct ifaddr *)dep[0]);
54
+		IN6_IFADDR_RUNLOCK();
55
 		return dep[0];
56
-	if (dep[1])
57
+	}
58
+	if (dep[1]) {
59
+		ifa_ref((struct ifaddr *)dep[1]);
60
+		IN6_IFADDR_RUNLOCK();
61
 		return dep[1];
62
+	}
63
 
64
+	IN6_IFADDR_RUNLOCK();
65
 	return NULL;
66
 }
67
 
68
Index: sys/netinet6/ip6_input.c
69
===================================================================
70
--- sys/netinet6/ip6_input.c.orig
71
+++ sys/netinet6/ip6_input.c
72
@@ -879,19 +879,23 @@ passin:
73
 	 * as our interface address (e.g. multicast addresses, addresses
74
 	 * within FAITH prefixes and such).
75
 	 */
76
-	if (deliverifp && !ip6_getdstifaddr(m)) {
77
+	if (deliverifp) {
78
 		struct in6_ifaddr *ia6;
79
 
80
-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
81
-		if (ia6) {
82
-			if (!ip6_setdstifaddr(m, ia6)) {
83
-				/*
84
-				 * XXX maybe we should drop the packet here,
85
-				 * as we could not provide enough information
86
-				 * to the upper layers.
87
-				 */
88
+ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
89
+			ifa_free(&ia6->ia_ifa);
90
+		} else {
91
+			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
92
+			if (ia6) {
93
+				if (!ip6_setdstifaddr(m, ia6)) {
94
+					/*
95
+					 * XXX maybe we should drop the packet here,
96
+					 * as we could not provide enough information
97
+					 * to the upper layers.
98
+					 */
99
+				}
100
+				ifa_free(&ia6->ia_ifa);
101
 			}
102
-			ifa_free(&ia6->ia_ifa);
103
 		}
104
 	}
105
 
106
Index: sys/netinet/tcp_input.c
107
===================================================================
108
--- sys/netinet/tcp_input.c.orig
109
+++ sys/netinet/tcp_input.c
110
@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
111
 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
112
 		return IPPROTO_DONE;
113
 	}
114
+	if (ia6)
115
+		ifa_free(&ia6->ia_ifa);
116
 
117
 	tcp_input(m, *offp);
118
 	return IPPROTO_DONE;
119
@@ -1240,7 +1242,8 @@ relocked:
120
 				rstreason = BANDLIM_RST_OPENPORT;
121
 				goto dropwithreset;
122
 			}
123
-			ifa_free(&ia6->ia_ifa);
124
+			if (ia6)
125
+				ifa_free(&ia6->ia_ifa);
126
 		}
127
 #endif /* INET6 */
128
 		/*
129

130
Product

Resources

Company
