[Glibc-bsd-commits] r4318 - in branches/squeeze/kfreebsd-8/debian: . patches
Steven Chamberlain
stevenc-guest at alioth.debian.org
Sat Jun 16 18:11:37 UTC 2012
Author: stevenc-guest
Date: 2012-06-16 18:11:36 +0000 (Sat, 16 Jun 2012)
New Revision: 4318
Added:
branches/squeeze/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch
Modified:
branches/squeeze/kfreebsd-8/debian/changelog
branches/squeeze/kfreebsd-8/debian/patches/series
Log:
Apply upstream EN-12:02.ipv6refcount patch (Closes: 677738)
Also refreshed the line numbers against our source, then checked that the result matches upstream's commit to RELENG_8_1
Modified: branches/squeeze/kfreebsd-8/debian/changelog
===================================================================
--- branches/squeeze/kfreebsd-8/debian/changelog 2012-06-16 17:45:50 UTC (rev 4317)
+++ branches/squeeze/kfreebsd-8/debian/changelog 2012-06-16 18:11:36 UTC (rev 4318)
@@ -2,8 +2,9 @@
[ Steven Chamberlain ]
* Apply upstream SA-12:04.sysret patch (CVE-2012-0217) (Closes: #677297)
+ * Apply upstream EN-12:02.ipv6refcount patch (Closes: 677738)
- -- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org> Sat, 16 Jun 2012 18:23:36 +0100
+ -- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org> Sat, 16 Jun 2012 19:07:54 +0100
kfreebsd-8 (8.1+dfsg-8+squeeze2) stable-security; urgency=low
Added: branches/squeeze/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch
===================================================================
--- branches/squeeze/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch (rev 0)
+++ branches/squeeze/kfreebsd-8/debian/patches/EN-12_02.ipv6refcount.patch 2012-06-16 18:11:36 UTC (rev 4318)
@@ -0,0 +1,134 @@
+Description:
+ Fix reference count errors in IPv6 code. [EN-12:02]
+Origin: vendor, http://security.freebsd.org/patches/EN-12:02/ipv6refcount.patch
+Bug: http://security.freebsd.org/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=236953
+
+Index: kfreebsd-8-8.1+dfsg/sys/netinet6/in6.c
+===================================================================
+--- kfreebsd-8-8.1+dfsg.orig/sys/netinet6/in6.c 2012-06-16 19:00:59.000000000 +0100
++++ kfreebsd-8-8.1+dfsg/sys/netinet6/in6.c 2012-06-16 19:03:42.829835350 +0100
+@@ -1370,6 +1370,8 @@
+ }
+
+ cleanup:
++ if (ifa0 != NULL)
++ ifa_free(ifa0);
+
+ plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
+ if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
+@@ -1394,8 +1396,6 @@
+ return;
+ ia->ia_flags &= ~IFA_ROUTE;
+ }
+- if (ifa0 != NULL)
+- ifa_free(ifa0);
+
+ in6_unlink_ifa(ia, ifp);
+ }
+@@ -1549,14 +1549,19 @@
+ hostid = IFA_IN6(ifa);
+
+ /* prefixlen must be <= 64. */
+- if (64 < iflr->prefixlen)
++ if (64 < iflr->prefixlen) {
++ if (ifa != NULL)
++ ifa_free(ifa);
+ return EINVAL;
++ }
+ prefixlen = iflr->prefixlen;
+
+ /* hostid part must be zero. */
+ sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ sin6->sin6_addr.s6_addr32[3] != 0) {
++ if (ifa != NULL)
++ ifa_free(ifa);
+ return EINVAL;
+ }
+ } else
+@@ -2144,14 +2149,20 @@
+ IN6_IFADDR_RUNLOCK();
+ return (struct in6_ifaddr *)ifa;
+ }
+- IN6_IFADDR_RUNLOCK();
+
+ /* use the last-resort values, that are, deprecated addresses */
+- if (dep[0])
++ if (dep[0]) {
++ ifa_ref((struct ifaddr *)dep[0]);
++ IN6_IFADDR_RUNLOCK();
+ return dep[0];
+- if (dep[1])
++ }
++ if (dep[1]) {
++ ifa_ref((struct ifaddr *)dep[1]);
++ IN6_IFADDR_RUNLOCK();
+ return dep[1];
++ }
+
++ IN6_IFADDR_RUNLOCK();
+ return NULL;
+ }
+
+Index: kfreebsd-8-8.1+dfsg/sys/netinet6/ip6_input.c
+===================================================================
+--- kfreebsd-8-8.1+dfsg.orig/sys/netinet6/ip6_input.c 2012-06-16 19:00:59.000000000 +0100
++++ kfreebsd-8-8.1+dfsg/sys/netinet6/ip6_input.c 2012-06-16 19:03:42.838808064 +0100
+@@ -632,19 +632,23 @@
+ * as our interface address (e.g. multicast addresses, addresses
+ * within FAITH prefixes and such).
+ */
+- if (deliverifp && !ip6_getdstifaddr(m)) {
++ if (deliverifp) {
+ struct in6_ifaddr *ia6;
+
+- ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+- if (ia6) {
+- if (!ip6_setdstifaddr(m, ia6)) {
+- /*
+- * XXX maybe we should drop the packet here,
+- * as we could not provide enough information
+- * to the upper layers.
+- */
+- }
++ if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
+ ifa_free(&ia6->ia_ifa);
++ } else {
++ ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++ if (ia6) {
++ if (!ip6_setdstifaddr(m, ia6)) {
++ /*
++ * XXX maybe we should drop the packet here,
++ * as we could not provide enough information
++ * to the upper layers.
++ */
++ }
++ ifa_free(&ia6->ia_ifa);
++ }
+ }
+ }
+
+Index: kfreebsd-8-8.1+dfsg/sys/netinet/tcp_input.c
+===================================================================
+--- kfreebsd-8-8.1+dfsg.orig/sys/netinet/tcp_input.c 2012-06-16 19:00:59.000000000 +0100
++++ kfreebsd-8-8.1+dfsg/sys/netinet/tcp_input.c 2012-06-16 19:03:42.849828260 +0100
+@@ -293,6 +293,8 @@
+ (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ return IPPROTO_DONE;
+ }
++ if (ia6)
++ ifa_free(&ia6->ia_ifa);
+
+ tcp_input(m, *offp);
+ return IPPROTO_DONE;
+@@ -941,7 +943,8 @@
+ rstreason = BANDLIM_RST_OPENPORT;
+ goto dropwithreset;
+ }
+- ifa_free(&ia6->ia_ifa);
++ if (ia6)
++ ifa_free(&ia6->ia_ifa);
+ }
+ #endif
+ /*
Modified: branches/squeeze/kfreebsd-8/debian/patches/series
===================================================================
--- branches/squeeze/kfreebsd-8/debian/patches/series 2012-06-16 17:45:50 UTC (rev 4317)
+++ branches/squeeze/kfreebsd-8/debian/patches/series 2012-06-16 18:11:36 UTC (rev 4318)
@@ -1,4 +1,5 @@
SA-12_04.sysret.patch
+EN-12_02.ipv6refcount.patch
000_adaptive_machine_arch.diff
000_ata.diff
000_coda.diff
More information about the Glibc-bsd-commits
mailing list