Re: [EMAIL PROTECTED]: Re: rtfree: 0xffffff00036fb1e0 has 1 refs]

2007-09-01 Thread gnn
At Wed, 29 Aug 2007 08:24:58 +0100, Bruce M. Simpson wrote:
>
> BTW: Casual inspection with kscope suggests there is a similar
> free-while-locked issue in nd6_ns_input() (netinet6/nd6_nbr.c) and
> in_arpinput() (netinet/if_ether.c).
>
> nd6_ns_input() references rt->rt_gateway after rtfree(),

Re: [EMAIL PROTECTED]: Re: rtfree: 0xffffff00036fb1e0 has 1 refs]

2007-08-29 Thread Bruce M. Simpson
BTW: Casual inspection with kscope suggests there is a similar free-while-locked issue in nd6_ns_input() (netinet6/nd6_nbr.c) and in_arpinput() (netinet/if_ether.c). nd6_ns_input() references rt->rt_gateway after rtfree(), a potential race not to mention a use-after-free. I haven't checked C

Re: [EMAIL PROTECTED]: Re: rtfree: 0xffffff00036fb1e0 has 1 refs]

2007-08-28 Thread Bruce M. Simpson
Christian S.J. Peron wrote:
> I am not sure who has their hands in the routing code these days so I figured I would just forward this message off here. Does the following look reasonable?

I'm looking, but mostly with long range goggles on. Yes, this looks like the right change. rtalloc1() alw

[EMAIL PROTECTED]: Re: rtfree: 0xffffff00036fb1e0 has 1 refs]

2007-08-28 Thread Christian S.J. Peron
I am not sure who has their hands in the routing code these days so I figured I would just forward this message off here. Does the following look reasonable?

- Forwarded message from "Christian S.J. Peron" <[EMAIL PROTECTED]> -
From: "Christian S.J. Peron" <[EMAIL PROTECTED]>
To: Yuri