Author: aurel32
Date: 2006-02-06 23:07:37 +0000 (Mon, 06 Feb 2006)
New Revision: 1148
Added:
trunk/kfreebsd-5/debian/patches/000_pf.diff
Modified:
trunk/kfreebsd-5/debian/changelog
Log:
* Fix IP fragment handling panic in pf (FreeBSD-SA-06:07.pf / CVE-2006-0381).
Modified: trunk/kfreebsd-5/debian/changelog
===================================================================
--- trunk/kfreebsd-5/debian/changelog 2006-02-06 17:25:27 UTC (rev 1147)
+++ trunk/kfreebsd-5/debian/changelog 2006-02-06 23:07:37 UTC (rev 1148)
@@ -1,3 +1,11 @@
+kfreebsd-5 (5.4-14) unstable; urgency=high
+
+ * Urgency set to high as this fixes a security bug.
+ * Fix IP fragment handling panic in pf (FreeBSD-SA-06:07.pf /
+ CVE-2006-0381).
+
+ -- Aurelien Jarno <[EMAIL PROTECTED]> Tue, 7 Feb 2006 00:07:16 +0100
+
kfreebsd-5 (5.4-13) unstable; urgency=high
* Urgency set to high as this fixes a security bug.
Added: trunk/kfreebsd-5/debian/patches/000_pf.diff
===================================================================
--- trunk/kfreebsd-5/debian/patches/000_pf.diff 2006-02-06 17:25:27 UTC (rev
1147)
+++ trunk/kfreebsd-5/debian/patches/000_pf.diff 2006-02-06 23:07:37 UTC (rev
1148)
@@ -0,0 +1,16 @@
+Index: sys/contrib/pf/net/pf_norm.c
+===================================================================
+RCS file: /home/ncvs/src/sys/contrib/pf/net/pf_norm.c,v
+retrieving revision 1.11.2.2
+diff -u -p -I__FBSDID -r1.11.2.2 pf_norm.c
+--- sys/contrib/pf/net/pf_norm.c 17 Jan 2006 13:05:32 -0000 1.11.2.2
++++ sys/contrib/pf/net/pf_norm.c 22 Jan 2006 16:38:31 -0000
+@@ -818,7 +818,7 @@ pf_fragcache(struct mbuf **m0, struct ip
+ } else {
+ hosed++;
+ }
+- } else {
++ } else if (frp == NULL) {
+ /* There is a gap between fragments */
+ DPFPRINTF(("fragcache[%d]: gap %d %d-%d (%d-%d)\n",
+ h->ip_id, -aftercut, off, max, fra->fr_off,
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
