On Thu, Apr 18, 2002 at 04:28:11PM +0900, SUZUKI Shinsuke wrote: > Hello all, > > #I'm not sure where to discuss this issue. So please forward this > #mail or reply with CC for the appropriate person or ML. > > > FreeBSD-SA-02:21.tcpip Security Advisory > > Topic: routing table memory leak > > Category: core > > Module: net > > Announced: 2002-04-17 > > Credits: Jayanth Vijayaraghavan <[EMAIL PROTECTED]> > > Ruslan Ermilov <[EMAIL PROTECTED]> > I have one proposal for this fix. > > In this patch, ip_output() is assumed to receive non-NULL rtentry > argument from its caller. > > Two files are patched to support this, so there's no problem right > now. However if some new module calls ip_output() carelessly with > NULL rtentry argument, kernel would crash. > I don't think it is a good change. > > KAME rewrote the attached patch to improve this point: > - This memory leak is fixed, of course:-) > (at least I confirmed on 5-current). > - Non-NULL rtentry for ip_output() is still accepted. So only a > patch in ip_output.c is enough. > > Could you please correct me if I'm wrong, or consider adopting this > patch? > (it's a patch for 5-current, but it's not so difficult to modify it for > 4-stable and 4.5-release branch) > I strongly object to this change. BSD historically didn't allow for ip_output() to be called with the NULL route pointer. I changed this in rev. 1.143 in a blind attempt to fix a panic condition I introduced in ip_icmp.c,v 1.64. Unfortunately, this didn't actually fix the ip_icmp.c bug but rather _hided_ it. Many respectful people objected to the 1.143 change, including Garrett Wollman, but I didn't realize at the time why this was bad. I since have fixed my mind, and I now realize why it's bad. The details could be found in the commit log for ip_output.c,v 1.153. Hopefully you can follow that.
Cheers, -- Ruslan Ermilov Sysadmin and DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age
msg05796/pgp00000.pgp
Description: PGP signature
