[Glibc-bsd-commits] r4304 - in trunk/kfreebsd-8/debian: . patches

Steven Chamberlain stevenc-guest at alioth.debian.org
Fri Jun 15 13:13:08 UTC 2012 

Author: stevenc-guest
Date: 2012-06-15 13:13:08 +0000 (Fri, 15 Jun 2012)
New Revision: 4304

Added:
   trunk/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch
Modified:
   trunk/kfreebsd-8/debian/changelog
   trunk/kfreebsd-8/debian/patches/series
Log:
Apply upstream EN-12:02.ipv6refcount patch

Upstream's ipv6refcount-83.patch had line numbers and a stray /* INET6 */ that didn't match with RELENG_8_3 or 8.3-RELEASE;  was able to refresh it carefully against our sources and it now matches the actual commit that upstream made to RELENG_8_3.


Modified: trunk/kfreebsd-8/debian/changelog
===================================================================
--- trunk/kfreebsd-8/debian/changelog	2012-06-15 12:29:24 UTC (rev 4303)
+++ trunk/kfreebsd-8/debian/changelog	2012-06-15 13:13:08 UTC (rev 4304)
@@ -2,8 +2,9 @@
 
   [ Steven Chamberlain ]
   * Apply upstream SA-12:04.sysret patch (CVE-2012-0217) (Closes: #677297)
+  * Apply upstream EN-12:02.ipv6refcount patch
 
- -- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org>  Wed, 13 Jun 2012 21:03:59 +0100
+ -- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org>  Fri, 15 Jun 2012 13:33:20 +0100
 
 kfreebsd-8 (8.3-3) unstable; urgency=high
 

Added: trunk/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch
===================================================================
--- trunk/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch	                        (rev 0)
+++ trunk/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch	2012-06-15 13:13:08 UTC (rev 4304)
@@ -0,0 +1,116 @@
+Description:
+ Fix reference count errors in IPv6 code. [EN-12:02]
+Origin: vendor, http://security.freebsd.org/patches/EN-12:02/ipv6refcount.patch
+Bug: http://security.freebsd.org/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=236953
+
+Index: kfreebsd-8.trunk/sys/netinet6/in6.c
+===================================================================
+--- kfreebsd-8.trunk.orig/sys/netinet6/in6.c	2012-06-15 13:47:20.000000000 +0100
++++ kfreebsd-8.trunk/sys/netinet6/in6.c	2012-06-15 13:48:02.400285623 +0100
+@@ -1548,14 +1548,19 @@
+ 			hostid = IFA_IN6(ifa);
+ 
+ 			/* prefixlen must be <= 64. */
+-			if (64 < iflr->prefixlen)
++			if (64 < iflr->prefixlen) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
++			}
+ 			prefixlen = iflr->prefixlen;
+ 
+ 			/* hostid part must be zero. */
+ 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ 			    sin6->sin6_addr.s6_addr32[3] != 0) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
+ 			}
+ 		} else
+@@ -2148,14 +2153,20 @@
+ 		IF_ADDR_UNLOCK(ifp);
+ 		return (struct in6_ifaddr *)ifa;
+ 	}
+-	IF_ADDR_UNLOCK(ifp);
+ 
+ 	/* use the last-resort values, that are, deprecated addresses */
+-	if (dep[0])
++	if (dep[0]) {
++		ifa_ref((struct ifaddr *)dep[0]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[0];
+-	if (dep[1])
++	}
++	if (dep[1]) {
++		ifa_ref((struct ifaddr *)dep[1]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[1];
++	}
+ 
++	IF_ADDR_UNLOCK(ifp);
+ 	return NULL;
+ }
+ 
+Index: kfreebsd-8.trunk/sys/netinet6/ip6_input.c
+===================================================================
+--- kfreebsd-8.trunk.orig/sys/netinet6/ip6_input.c	2012-06-15 13:47:20.000000000 +0100
++++ kfreebsd-8.trunk/sys/netinet6/ip6_input.c	2012-06-15 13:48:02.414267508 +0100
+@@ -734,19 +734,23 @@
+ 	 * as our interface address (e.g. multicast addresses, addresses
+ 	 * within FAITH prefixes and such).
+ 	 */
+-	if (deliverifp && !ip6_getdstifaddr(m)) {
++	if (deliverifp) {
+ 		struct in6_ifaddr *ia6;
+ 
+-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+-		if (ia6) {
+-			if (!ip6_setdstifaddr(m, ia6)) {
+-				/*
+-				 * XXX maybe we should drop the packet here,
+-				 * as we could not provide enough information
+-				 * to the upper layers.
+-				 */
+-			}
++ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
+ 			ifa_free(&ia6->ia_ifa);
++		} else {
++			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++			if (ia6) {
++				if (!ip6_setdstifaddr(m, ia6)) {
++					/*
++					 * XXX maybe we should drop the packet here,
++					 * as we could not provide enough information
++					 * to the upper layers.
++					 */
++				}
++				ifa_free(&ia6->ia_ifa);
++			}
+ 		}
+ 	}
+ 
+Index: kfreebsd-8.trunk/sys/netinet/tcp_input.c
+===================================================================
+--- kfreebsd-8.trunk.orig/sys/netinet/tcp_input.c	2012-06-15 13:47:20.000000000 +0100
++++ kfreebsd-8.trunk/sys/netinet/tcp_input.c	2012-06-15 13:48:02.434279348 +0100
+@@ -538,6 +538,8 @@
+ 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ 		return IPPROTO_DONE;
+ 	}
++	if (ia6)
++		ifa_free(&ia6->ia_ifa);
+ 
+ 	tcp_input(m, *offp);
+ 	return IPPROTO_DONE;
+@@ -1206,7 +1208,8 @@
+ 				rstreason = BANDLIM_RST_OPENPORT;
+ 				goto dropwithreset;
+ 			}
+-			ifa_free(&ia6->ia_ifa);
++			if (ia6)
++				ifa_free(&ia6->ia_ifa);
+ 		}
+ #endif
+ 		/*

Modified: trunk/kfreebsd-8/debian/patches/series
===================================================================
--- trunk/kfreebsd-8/debian/patches/series	2012-06-15 12:29:24 UTC (rev 4303)
+++ trunk/kfreebsd-8/debian/patches/series	2012-06-15 13:13:08 UTC (rev 4304)
@@ -10,6 +10,7 @@
 remove_tmpfs_warning.diff
 amd64_increase_DFLDSIZ.diff
 SA-12_04.sysret.patch
+EN-12_02.ipv6refcount.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff

More information about the Glibc-bsd-commits mailing list