Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed a number of race conditions in the case of receiving ipv4 packet. 

found by iij seil team.
This commit is contained in:
oki 2010-03-12 13:33:19 +00:00
parent 35d2900127
commit 4c7318c4d2
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sys/netinet/in.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: in.c,v 1.136 2009/12/07 18:38:55 dyoung Exp $ */
/* $NetBSD: in.c,v 1.137 2010/03/12 13:33:19 oki Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.136 2009/12/07 18:38:55 dyoung Exp $");
__KERNEL_RCSID(0, "$NetBSD: in.c,v 1.137 2010/03/12 13:33:19 oki Exp $");
#include "opt_inet.h"
#include "opt_inet_conf.h"
@ -386,6 +386,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
ia = malloc(sizeof(*ia), M_IFADDR, M_WAITOK|M_ZERO);
if (ia == NULL)
return (ENOBUFS);
mutex_enter(softnet_lock);
TAILQ_INSERT_TAIL(&in_ifaddrhead, ia, ia_list);
IFAREF(&ia->ia_ifa);
ifa_insert(ifp, &ia->ia_ifa);
@ -405,6 +406,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
ia->ia_ifp = ifp;
ia->ia_idsalt = arc4random() % 65535;
LIST_INIT(&ia->ia_multiaddrs);
mutex_exit(softnet_lock);
newifaddr = 1;
}
break;
@ -452,10 +454,12 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
case SIOCSIFDSTADDR:
if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
return (EINVAL);
mutex_enter(softnet_lock);
oldaddr = ia->ia_dstaddr;
ia->ia_dstaddr = *satocsin(ifreq_getdstaddr(cmd, ifr));
if ((error = (*ifp->if_ioctl)(ifp, SIOCSIFDSTADDR, ia)) != 0) {
ia->ia_dstaddr = oldaddr;
mutex_exit(softnet_lock);
return error;
}
if (ia->ia_flags & IFA_ROUTE) {
@ -464,6 +468,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
ia->ia_ifa.ifa_dstaddr = sintosa(&ia->ia_dstaddr);
rtinit(&ia->ia_ifa, RTM_ADD, RTF_HOST|RTF_UP);
}
mutex_exit(softnet_lock);
break;
case SIOCSIFBRDADDR:
@ -473,6 +478,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
break;
case SIOCSIFADDR:
mutex_enter(softnet_lock);
error = in_ifinit(ifp, ia, satocsin(ifreq_getaddr(cmd, ifr)),
1);
#ifdef PFIL_HOOKS
@ -480,18 +486,22 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
(void)pfil_run_hooks(&if_pfil,
(struct mbuf **)SIOCSIFADDR, ifp, PFIL_IFADDR);
#endif
mutex_exit(softnet_lock);
break;
case SIOCSIFNETMASK:
mutex_enter(softnet_lock);
in_ifscrub(ifp, ia);
ia->ia_sockmask = *satocsin(ifreq_getaddr(cmd, ifr));
ia->ia_subnetmask = ia->ia_sockmask.sin_addr.s_addr;
error = in_ifinit(ifp, ia, NULL, 0);
mutex_exit(softnet_lock);
break;
case SIOCAIFADDR:
maskIsNew = 0;
hostIsNew = 1;
mutex_enter(softnet_lock);
if (ia->ia_addr.sin_family != AF_INET)
;
else if (ifra->ifra_addr.sin_len == 0) {
@ -524,6 +534,7 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
(void)pfil_run_hooks(&if_pfil,
(struct mbuf **)SIOCAIFADDR, ifp, PFIL_IFADDR);
#endif
mutex_exit(softnet_lock);
break;
case SIOCGIFALIAS:
@ -540,11 +551,13 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
break;
case SIOCDIFADDR:
mutex_enter(softnet_lock);
in_purgeaddr(&ia->ia_ifa);
#ifdef PFIL_HOOKS
(void)pfil_run_hooks(&if_pfil, (struct mbuf **)SIOCDIFADDR,
ifp, PFIL_IFADDR);
#endif
mutex_exit(softnet_lock);
break;
#ifdef MROUTING