Page MenuHomeFreeBSD
Differential D24125

Fix synchronization in the IPV6_2292PKTOPTIONS set handler.
ClosedPublic
Actions

Authored by markj on Mar 19 2020, 5:58 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 8:00 PM
Unknown Object (File)
Mon, Oct 28, 4:52 PM
Unknown Object (File)
Oct 8 2024, 2:43 PM
Unknown Object (File)
Sep 27 2024, 2:07 PM
Unknown Object (File)
Sep 27 2024, 8:33 AM
Unknown Object (File)
Sep 22 2024, 7:56 PM
Unknown Object (File)
Sep 4 2024, 3:57 PM
Unknown Object (File)
Aug 27 2024, 1:20 AM
View All 28 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
ae
melifaro
bz
tuexen
Commits
rS359154: Fix synchronization in the IPV6_2292PKTOPTIONS set handler.
Summary

The inpcb needs to be locked when we update output packet options.
Otherwise it is possible for the IPV6_2292PKTOPTIONS handler to free
packet option structures while another thread is reading or updating
them.

Note that the option handler is still kind of broken. For instance it
frees all options before performing privilege checks for individual
options. However, this can be fixed separately.

Reported by: syzbot+52eb0fd4ddc119787f9d@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
13 lines

Diff 69694

View Options

head/sys/netinet6/ip6_output.c

Loading...