Date:      Thu, 18 Apr 2002 12:47:22 +0300
From:      Ruslan Ermilov <ru@FreeBSD.ORG>
To:        SUZUKI Shinsuke <suz@FreeBSD.ORG>
Cc:        Garrett Wollman <wollman@FreeBSD.ORG>, jayanth@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
Subject:   Re: Questions on ip_output.c's patch for FreeBSD-SA-02:21.tcpip
Message-ID:  <20020418094722.GG98788@sunbay.com>
In-Reply-To: <x7vgapxy7o.wl@s30.crl.hitachi.co.jp>
References:  <200204171923.g3HJNg958905@freefall.freebsd.org> <x7vgapxy7o.wl@s30.crl.hitachi.co.jp>

On Thu, Apr 18, 2002 at 04:28:11PM +0900, SUZUKI Shinsuke wrote:
> Hello all,
>
> #I'm not sure where to discuss this issue.  So please forward this
> #mail or reply with CC for the appropriate person or ML.
>
> > FreeBSD-SA-02:21.tcpip                                      Security Advisory
> > Topic:          routing table memory leak
> > Category:       core
> > Module:         net
> > Announced:      2002-04-17
> > Credits:        Jayanth Vijayaraghavan <jayanth@FreeBSD.org>
> >                 Ruslan Ermilov <ru@FreeBSD.org>
> I have one proposal for this fix.
>
> In this patch, ip_output() is assumed to receive non-NULL rtentry
> argument from its caller.
>
> Two files are patched to support this, so there's no problem right
> now.  However if some new module calls ip_output() carelessly with
> NULL rtentry argument, kernel would crash.
> I don't think it is a good change.
>
> KAME rewrote the attached patch to improve this point:
> 	- This memory leak is fixed, of course:-)
> 	  (at least I confirmed on 5-current).
> 	- Non-NULL rtentry for ip_output() is still accepted.  So only a
> 	  patch in ip_output.c is enough.
>
> Could you please correct me if I'm wrong, or consider adopting this
> patch?
> (it's a patch for 5-current, but it's not so difficult to modify it for
>  4-stable and 4.5-release branch)
>
I strongly object to this change.  BSD historically didn't allow for
ip_output() to be called with the NULL route pointer.  I changed this
in rev. 1.143 in a blind attempt to fix a panic condition I introduced
in ip_icmp.c,v 1.64.  Unfortunately, this didn't actually fix the
ip_icmp.c bug but rather _hid_ it.  Many respectful people objected
to the 1.143 change, including Garrett Wollman, but I didn't realize
at the time why this was bad.  I since have fixed my mind, and I now
realize why it's bad.  The details could be found in the commit log
for ip_output.c,v 1.153.  Hopefully you can follow that.


Cheers,
-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
