* Ralf Horstmann <[email protected]> [2020-10-30 18:45]:
> >Synopsis: 6.8 panic _bus_dmamap_load_mbuf: no packet header
> >Category: system
> >Environment:
> System : OpenBSD 6.8
> Details : OpenBSD 6.8 (GENERIC.MP) #98: Sun Oct 4 18:13:26 MDT 2020
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
There is an mbuf use after free when using bpf with carp (e.g. dhcpd on carp).
Here is a possible fix:
Index: sys/netinet/ip_carp.c
===================================================================
RCS file: /home/cvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.349
diff -u -u -r1.349 ip_carp.c
--- sys/netinet/ip_carp.c 28 Jul 2020 16:44:34 -0000 1.349
+++ sys/netinet/ip_carp.c 4 Nov 2020 22:13:42 -0000
@@ -2282,10 +2282,8 @@
#if NBPFILTER > 0
{
caddr_t if_bpf = ifp->if_bpf;
- if (if_bpf) {
- if (bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_OUT))
- m_freem(m);
- }
+ if (if_bpf)
+ bpf_mtap_ether(if_bpf, m, BPF_DIRECTION_OUT);
}
#endif /* NBPFILTER > 0 */
