svn commit: r299771 - head/sbin/routed

Pedro F. Giffuni pfg at FreeBSD.org
Sat May 14 23:07:27 UTC 2016


Author: pfg
Date: Sat May 14 23:07:26 2016
New Revision: 299771
URL: https://svnweb.freebsd.org/changeset/base/299771

Log:
  routed: Fix use after free.
  
  For the multihomed case, ifp can be used after being freed. NULL the value
  after freeing it and avoid getting into the branch without reassigning
  a new value.
  
  CID:		272671
  Obtained from:	NetBSD
  MFC after:	2 weeks

Modified:
  head/sbin/routed/if.c

Modified: head/sbin/routed/if.c
==============================================================================
--- head/sbin/routed/if.c	Sat May 14 22:43:07 2016	(r299770)
+++ head/sbin/routed/if.c	Sat May 14 23:07:26 2016	(r299771)
@@ -955,6 +955,7 @@ ifinit(void)
 						  (intmax_t)now.tv_sec -
 						      ifp->int_data.ts);
 					ifdel(ifp);
+					ifp = NULL;
 				}
 				continue;
 			}
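Review bot: The new `ifp = NULL;` after `ifdel(ifp);` has no comment saying why it is needed, and the statement that follows the closing brace is `continue;`, so nothing in this block reads the pointer again. Please add a short comment naming the later multi-homed check in ifinit() as the consumer, so the assignment is not removed as dead code in a future cleanup. Note also that the pointer is cleared only on the path that calls ifdel() here; when the enclosing condition is false, `continue;` runs with ifp unchanged.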
@@ -1151,7 +1152,7 @@ ifinit(void)
 	/* If we are multi-homed, optionally advertise a route to
 	 * our main address.
 	 */
-	if (advertise_mhome
+	if ((advertise_mhome && ifp)
 	    || (tot_interfaces > 1
 		&& mhome
 		&& (ifp = ifwithaddr(myaddr, 0, 0)) != NULL
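Review bot: In the first alternative, `(advertise_mhome && ifp)`, the pointer is tested implicitly while the alternative two lines below uses `!= NULL`; writing `ifp != NULL` here would match. More importantly, this alternative depends on whatever value ifp holds on entry to this statement, whereas the second alternative assigns it explicitly with `ifwithaddr(myaddr, 0, 0)`. When advertise_mhome is set and ifp is NULL, evaluation now falls through to the second alternative, which additionally requires `tot_interfaces > 1` and `mhome`. If that fall-through is the intended behaviour, the comment above the condition should say so; otherwise consider doing the ifwithaddr() lookup before the test so that both alternatives work from a freshly assigned pointer.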

