CVS commit: src/external/mpl/dhcp/dist/server

Wed, 12 Feb 2025 14:17:41 -0800 

Module Name:    src
Committed By:   christos
Date:           Wed Feb 12 22:17:27 UTC 2025

Modified Files:
        src/external/mpl/dhcp/dist/server: mdb6.c

Log Message:
Fix 2 bugs when cleaning old leases:
1. in cleanup_old_expired() call iasubopt_dereference() if the subopt did not
   have an ia. If it did, then we would have already taken acre of it.
2. in ia_remove_iasubopt() call ia_dereference() before calling
   iasubopt_dereference(), otherwise we might be touching free'd memory
   if the iasubopt had only one reference and got freed.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/external/mpl/dhcp/dist/server/mdb6.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/external/mpl/dhcp/dist/server/mdb6.c
diff -u src/external/mpl/dhcp/dist/server/mdb6.c:1.7 src/external/mpl/dhcp/dist/server/mdb6.c:1.8
--- src/external/mpl/dhcp/dist/server/mdb6.c:1.7	Fri Sep 23 08:30:52 2022
+++ src/external/mpl/dhcp/dist/server/mdb6.c	Wed Feb 12 17:17:27 2025
@@ -1,4 +1,4 @@
-/*	$NetBSD: mdb6.c,v 1.7 2022/09/23 12:30:52 christos Exp $	*/
+/*	$NetBSD: mdb6.c,v 1.8 2025/02/12 22:17:27 christos Exp $	*/
 
 /*
  * Copyright (C) 2007-2017 by Internet Systems Consortium, Inc. ("ISC")
@@ -17,7 +17,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: mdb6.c,v 1.7 2022/09/23 12:30:52 christos Exp $");
+__RCSID("$NetBSD: mdb6.c,v 1.8 2025/02/12 22:17:27 christos Exp $");
 
 
 /*!
@@ -487,8 +487,6 @@ ia_remove_iasubopt(struct ia_xx *ia, str
 
 	for (i=0; i<ia->num_iasubopt; i++) {
 		if (ia->iasubopt[i] == iasubopt) {
-			/* remove this sub option */
-			iasubopt_dereference(&(ia->iasubopt[i]), file, line);
 			/* move remaining suboption pointers down one */
 			for (j=i+1; j < ia->num_iasubopt; j++) {
 				ia->iasubopt[j-1] = ia->iasubopt[j];
@@ -496,6 +494,8 @@ ia_remove_iasubopt(struct ia_xx *ia, str
 			/* decrease our total count */
 			/* remove the back-reference in the suboption itself */
 			ia_dereference(&iasubopt->ia, file, line);
+			/* remove this sub option */
+			iasubopt_dereference(&iasubopt, file, line);
 			ia->num_iasubopt--;
 			return;
 		}
@@ -2070,8 +2070,9 @@ cleanup_old_expired(struct ipv6_pool *po
 					       ia->iaid_duid.len, MDL);
 			}
 			ia_dereference(&ia, MDL);
+		} else {
+			iasubopt_dereference(&tmp, MDL);
 		}
-		iasubopt_dereference(&tmp, MDL);
 	}
 }

Reply via email to