kern/111537: [patch] ip6_input() treats mbuf cluster wrong
Thomas Karcher
thkarcher at gmx.de
Fri Apr 13 13:00:10 UTC 2007
>Number: 111537
>Category: kern
>Synopsis: [patch] ip6_input() treats mbuf cluster wrong
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 13 13:00:09 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Thomas Karcher
>Release: RELENG_6_2_0_RELEASE
>Organization:
>Environment:
>Description:
In ip6_input() after line 294, a bunch of code takes care of copying the mbuf/mbuf cluster to a more KAME conform mbuf/mbuf cluster - but in my opinion, it does it not completely right ...
In line 318, the m_copydata() call works only if the new mbuf n is "just" an mbuf and not an mbuf cluster. See the solution what I mean.
>How-To-Repeat:
>Fix:
I think the code should look like this:
318 if (n && n->m_pkthdr.len > MHLEN) {
319 m_copydata(m, 0, n->m_pkthdr.len, n->m_ext.ext_buf);
320 n->m_data = n->m_ext.ext_buf;
321 } else {
322 m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
323 }
Please find a diff attached.
Patch attached with submission follows:
Index: netinet6/ip6_input.c
===================================================================
--- netinet6/ip6_input.c (revision 576)
+++ netinet6/ip6_input.c (working copy)
@@ -315,7 +315,12 @@
return; /* ENOBUFS */
}
- m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
+ if (n && n->m_pkthdr.len > MHLEN) {
+ m_copydata(m, 0, n->m_pkthdr.len, n->m_ext.ext_buf);
+ n->m_data = n->m_ext.ext_buf;
+ } else {
+ m_copydata(m, 0, n->m_pkthdr.len, mtod(n, caddr_t));
+ }
n->m_len = n->m_pkthdr.len;
m_freem(m);
m = n;
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list