svn commit: r206989 - head/sys/netinet
Bjoern A. Zeeb
bz at FreeBSD.org
Wed Apr 21 10:21:35 UTC 2010
Author: bz
Date: Wed Apr 21 10:21:34 2010
New Revision: 206989
URL: http://svn.freebsd.org/changeset/base/206989
Log:
Avoid memory access after free. Use the (shortend) copy for the
ipsec mtu lookup as well.
PR: kern/145736
Submitted by: Peter Molnar (peter molnar.cc)
MFC after: 3 days
Modified:
head/sys/netinet/ip_input.c
Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c Wed Apr 21 08:18:06 2010 (r206988)
+++ head/sys/netinet/ip_input.c Wed Apr 21 10:21:34 2010 (r206989)
@@ -1590,7 +1590,7 @@ ip_forward(struct mbuf *m, int srcrt)
* If IPsec is configured for this path,
* override any possibly mtu value set by ip_output.
*/
- mtu = ip_ipsec_mtu(m, mtu);
+ mtu = ip_ipsec_mtu(mcopy, mtu);
#endif /* IPSEC */
/*
* If the MTU was set before make sure we are below the
More information about the svn-src-all
mailing list