cvs commit: src/sys/netinet in.c

Sepherosa Ziehau sephe at crater.dragonflybsd.org
Mon May 26 06:30:39 PDT 2008


sephe       2008/05/26 06:29:33 PDT

DragonFly src repository

  Modified files:
    sys/netinet          in.c 
  Log:
  Fix following possible bugs for SIOCSIFADDR, if in_ifinit() fails
  Conditions:
     o  ifaceX has an AF_INET ia
     o  SIOCSIFADDR is used to change address, and new address' hash value is
        different from ia's
     o  ia is currently in hash bucket B1
     o  ia is removed from B1 and installed into hash table using new address
        hash value, assume its new hash bucket is B2, and B1 != B2
  1) Dangling ia reference in inaddr hash table
     o  ifnet.if_ioctl fails
     o  ia is reinstalled into hash bucket B1, but without being first removed
        from hash bucket B2
     Hash bucket B2 will have a dangling reference to ia
  2) ia is left in wrong hash bucket
     o  rtinit fails
     o  ia's address is restored to oldaddr
     ia itself is left in hash bucket indexed by new address's hash value
  
  - In in_ifinit(), if it fails, unlink ia from inaddr hash table instead of
    delaying the unlinking to in_control_internal().  If necessary reinstall
    ia into inaddr hash table with original address
  - After the above fix, in_control_internal() needs to unlink ia from inaddr
    only if cmd is SIOCDIFADDR and ia resides in inaddr hash table.  Whether
    ia is in inaddr hash table or not, is currently indicated by ia address's
    family; add XXX comment that this assumption is not good
  - Constfy 'sin' parameter to in_ifinit()
  
  Reviewed-by: dillon@
  
  Revision  Changes    Path
  1.35      +30 -22    src/sys/netinet/in.c


http://www.dragonflybsd.org/cvsweb/src/sys/netinet/in.c.diff?r1=1.34&r2=1.35&f=u





More information about the Commits mailing list