bin/152143: [PATCH] rtadvd(8) null pointer dereference
Przemyslaw Frasunek
venglin at freebsd.lublin.pl
Thu Nov 11 19:20:10 UTC 2010
>Number: 152143
>Category: bin
>Synopsis: [PATCH] rtadvd(8) null pointer dereference
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 11 19:20:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 7.3-RELEASE i386
>Organization:
Nette sp. z o.o.
>Environment:
Generic 7.3-RELEASE
>Description:
rtadvd(8) crashes sporadically on machines with large number
of dynamically created network interfaces (ng, vlan, tap, ...).
This is due to null pointer dereference caused by race
condition, when the interface is being destroyed. See patch below.
>How-To-Repeat:
See above.
>Fix:
--- rtadvd.c.old 2010-02-10 01:26:20.000000000 +0100
+++ rtadvd.c 2010-11-11 20:08:24.000000000 +0100
@@ -659,7 +659,7 @@
* If we happen to receive data on an interface which is now
* down,
* just discard the data.
*/
- if ((iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
+ if ((iflist[pi->ipi6_ifindex] == NULL || iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
syslog(LOG_INFO,
"<%s> received data on a disabled interface
(%s)",
__func__,
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list