Page MenuHomeFreeBSD
Differential D24125

Fix synchronization in the IPV6_2292PKTOPTIONS set handler.
ClosedPublic
Actions

Authored by markj on Mar 19 2020, 5:58 PM.
Tags
None
Referenced Files
F151591520: D24125.id69689.diff
Thu, Apr 9, 9:21 AM
F151509551: D24125.id69689.diff
Wed, Apr 8, 10:18 PM
Unknown Object (File)
Tue, Apr 7, 4:31 PM
Unknown Object (File)
Sat, Mar 28, 4:41 AM
Unknown Object (File)
Fri, Mar 27, 9:45 PM
Unknown Object (File)
Wed, Mar 25, 7:47 PM
Unknown Object (File)
Fri, Mar 20, 2:10 AM
Unknown Object (File)
Fri, Mar 20, 2:10 AM
View All 100 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
ae
melifaro
bz
tuexen
Commits
rS359154: Fix synchronization in the IPV6_2292PKTOPTIONS set handler.
Summary

The inpcb needs to be locked when we update output packet options.
Otherwise it is possible for the IPV6_2292PKTOPTIONS handler to free
packet option structures while another thread is reading or updating
them.

Note that the option handler is still kind of broken. For instance it
frees all options before performing privilege checks for individual
options. However, this can be fixed separately.

Reported by: syzbot+52eb0fd4ddc119787f9d@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
head/
sys/
netinet6/
13 lines

Diff 69694

View Options

head/sys/netinet6/ip6_output.c

Loading...