>Number: 152143
>Category: bin
>Synopsis: [PATCH] rtadvd(8) null pointer dereference
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 11 19:20:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Przemyslaw Frasunek
>Release: FreeBSD 7.3-RELEASE i386
>Organization:
Nette sp. z o.o.
>Environment:
Generic 7.3-RELEASE
>Description:
rtadvd(8) crashes sporadically on machines with large number
of dynamically created network interfaces (ng, vlan, tap, ...).
This is due to null pointer dereference caused by race
condition, when the interface is being destroyed. See patch below.
>How-To-Repeat:
See above.
>Fix:
--- rtadvd.c.old 2010-02-10 01:26:20.000000000 +0100
+++ rtadvd.c 2010-11-11 20:08:24.000000000 +0100
@@ -659,7 +659,7 @@
* If we happen to receive data on an interface which is now
* down,
* just discard the data.
*/
- if ((iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
+ if ((iflist[pi->ipi6_ifindex] == NULL ||
iflist[pi->ipi6_ifindex]->ifm_flags & IFF_UP) == 0) {
syslog(LOG_INFO,
"<%s> received data on a disabled interface
(%s)",
__func__,
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
