mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Code Issues Releases Activity
3d80e82d60
freebsd/sys/netinet6
History
Andrey V. Elsukov 3d80e82d60 Fix possible use after free due to security policy deletion. 
When we are passing mbuf to IPSec processing via ipsec[46]_process_packet(),
we hold one reference to security policy and release it just after return
from this function. But IPSec processing can be deffered and when we release
reference to security policy after ipsec[46]_process_packet(), user can
delete this security policy from SPDB. And when IPSec processing will be
done, xform's callback function will do access to already freed memory.

To fix this move KEY_FREESP() into callback function. Now IPSec code will
release reference to SP after processing will be finished.

Differential Revision:	https://reviews.freebsd.org/D2324
No objections from:	#network
Sponsored by:	Yandex LLC
2015-04-27 00:55:56 +00:00
..
dest6.c
frag6.c Move ip6_deletefraghdr() to frag6.c. 2015-02-16 05:58:32 +00:00
icmp6.c
icmp6.h
in6_cksum.c
in6_gif.c
in6_ifattach.c
in6_ifattach.h
in6_mcast.c Fix the IPV6_MULTICAST_IF sockopt handling. RFC 3493 says when the 2015-04-10 19:09:51 +00:00
in6_pcb.c tcp6_ctlinput() doesn't pass MTU value to in6_pcbnotify(). 2015-03-06 05:50:39 +00:00
in6_pcb.h
in6_pcbgroup.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in6_proto.c
in6_rmx.c
in6_rss.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in6_rss.h Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
in6_src.c
in6_var.h Move ip6_sprintf() declaration from in6_var.h to in6.h. This is a simple 2015-03-24 16:45:50 +00:00
in6.c Fix r281649: don't call in6_clearscope() twice. 2015-04-17 15:26:08 +00:00
in6.h Provide functions to determine presence of a given address 2015-04-17 11:57:06 +00:00
ip6_ecn.h
ip6_forward.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
ip6_gre.c
ip6_id.c
ip6_input.c Fix deadlock in IPv6 PCB code. 2015-03-04 11:20:01 +00:00
ip6_ipsec.c Fix possible use after free due to security policy deletion. 2015-04-27 00:55:56 +00:00
ip6_ipsec.h
ip6_mroute.c o Make net.inet6.ip6.mif6table return special API structure, that doesn't 2015-04-06 22:12:18 +00:00
ip6_mroute.h o Make net.inet6.ip6.mif6table return special API structure, that doesn't 2015-04-06 22:12:18 +00:00
ip6_output.c Preserve IPv6 fragment IDs accross reassembly and refragmentation 2015-04-01 12:15:01 +00:00
ip6_var.h Preserve IPv6 fragment IDs accross reassembly and refragmentation 2015-04-01 12:15:01 +00:00
ip6.h
ip6protosw.h
mld6_var.h - Rename 'struct mld_ifinfo' into 'struct mld_ifsoftc', since it really 2015-02-19 22:37:01 +00:00
mld6.c - Rename 'struct mld_ifinfo' into 'struct mld_ifsoftc', since it really 2015-02-19 22:37:01 +00:00
mld6.h
nd6_nbr.c Fix the check for maximum mbuf's size needed to send ND6 NA and NS. 2015-04-09 12:57:58 +00:00
nd6_rtr.c Mitigate Local Denial of Service with IPv6 Router Advertisements 2015-04-07 20:20:09 +00:00
nd6.c Fix a possible refcount leak in regen_tmpaddr(). 2015-04-13 01:55:42 +00:00
nd6.h - Implement loopback probing state in enhanced DAD algorithm. 2015-03-05 21:27:49 +00:00
pim6_var.h
pim6.h
raw_ip6.c
raw_ip6.h
route6.c
scope6_var.h
scope6.c
sctp6_usrreq.c Minimize the usage of SCTP_BUF_IS_EXTENDED. 2015-01-10 20:49:57 +00:00
sctp6_var.h
send.c
send.h
tcp6_var.h
udp6_usrreq.c Refactor / restructure the RSS code into generic, IPv4 and IPv6 specific 2015-01-18 18:06:40 +00:00
udp6_var.h