DragonFly submit List (threaded) for 2008-05
DragonFly BSD
DragonFly submit List (threaded) for 2008-05
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

in_ifinit() fix for SIOCSIFADDR


From: "Sepherosa Ziehau" <sepherosa@xxxxxxxxx>
Date: Sat, 24 May 2008 18:26:05 +0800

Hi all,

Following scenario will cause inaddr hash table contains dangling
reference to 'ia':
- ifaceX has an AF_INET ia
- SIOCSIFADDR is used to change address, and new address' hash value
is different from ia's
- in in_ifinit()
  o  ia is currently in hash bucket B1
  o  ia is removed from B1 and installed into hash table using new
address hash value, assume its new hash bucket is B2, and B1 != B2
  o  ifnet.if_ioctl fails
  o  ia is reinstalled into hash bucket B1, but without being first
removed from hash bucket B2
  o  hash bucket B2 will have a dangling reference to ia

Old code will also leave ia in the wrong hash bucket, if the rtinit()
in in_ifinit() fails, is this an intended behavior?

SIOCAIFADDR is not affected.

Please review following patch:
http://leaf.dragonflybsd.org/~sephe/in_ifaddr.diff

Best Regards,
sephe

-- 
Live Free or Die



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]