Date:      Thu, 8 Apr 2004 09:21:39 -0500 (CDT)
From:      Archie Cobbs <archie@dellroad.org>
To:        Ruslan Ermilov <ru@FreeBSD.ORG>
Cc:        Julian Elischer <julian@elischer.org>
Subject:   Re: ng_bridge(4) has an easily exploitable memory leak
Message-ID:  <200404081421.i38ELdgJ003094@arch20m.dellroad.org>
In-Reply-To: <20040408100929.GD16290@ip.net.ua>

Ruslan Ermilov wrote:
> > > On RELENG_4, ng_bridge(4) has an easily exploitable memory leak,
> > > and may quickly run the system out of mbufs.  It's enough to just
> > > have only one link connected to the bridge, e.g., the "upper"
> > > hook of the ng_ether(4) with IP address assigned, and pinging
> > > the broadcast IP address on the interface.  The bug is more
> > > real when constructing a bridge, or, like we experienced it,
> > > by shutting down all except one bridge's link.  The following
> > > patch fixes it:
> > > 
> [snipped]
> 
> > > An alternate solution is to MFC most of ng_bridge.c,v 1.8.  Julian?
> > 
> > What does an MFC diff look like?
> > (bridge is one of Archie's nodes)

I'd just like to add a personal note... "Oops!"

:-)

-Archie

__________________________________________________________________________
Archie Cobbs      *        CTO, Awarix        *      http://www.awarix.com


