DragonFly bugs List (threaded) for 2010-08
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

ifconfig wlan0 create causes memory corruption

From:	Johannes Hofmann <johannes.hofmann@xxxxxx>
Date:	13 Aug 2010 20:49:07 GMT

When cloning an wlan interface with e.g
	ifconfig wlan0 create wlandev ath0
a struct ifnet is allocated via if_alloc and then passed to
ether_ifattach_bpf() which writes beyond the struct ifnet.
This is especially a problem if struct ifnet size is close to a chunk
size of the slab allocator - as it happens with the recent pf update.
This was catched by guards I added to the slab allocator.

Cheers,
Johannes

Follow-Ups:
- Re: ifconfig wlan0 create causes memory corruption
  - From: Matthew Dillon <dillon@apollo.backplane.com>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]