Module Name: src
Committed By: riz
Date: Fri Jul 16 19:10:59 UTC 2010
Modified Files:
src/sys/netinet6 [netbsd-5-0]: udp6_output.c
Log Message:
Pull up following revision(s) (requested by dyoung in ticket #1428):
sys/netinet6/udp6_output.c: revision 1.41
Under some circumstances, udp6_output() would call ip6_clearpktopts()
with an uninitialized struct ip6_pktopts on the stack, opt.
ip6_clearpktopts(&opt, ...) could dereference dangling pointers,
leading to memory corruption or a crash. Now, udp6_output() calls
ip6_clearpktopts(&opt, ...) only if opt was initialized. Thanks to
Clement LECIGNE for reporting this bug.
Fix a potential memory leak: it is udp6_output()'s responsibility
to free its mbuf arguments on error. In the unlikely event that
sa6_embedscope() failed, udp6_output() would not free its mbuf
arguments.
I will ask for this to be pulled up to -4, -5, and -5-0.
To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.37.10.1 src/sys/netinet6/udp6_output.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
