Subject: Re: crashes in ipfilter on i386
To: Michael van Elst <firstname.lastname@example.org>
From: Liam Foy <email@example.com>
Date: 07/24/2007 21:10:14
On 24/07/07, Michael van Elst <firstname.lastname@example.org> wrote:
> email@example.com (Greg Troxel) writes:
> >I have an i386 running netbsd-4, and it's been crashing ever since I
> >upgraded recently.
> Are you sure that you use this code?
> > if (frpr_pullup(fin, ICMP6ERR_MINPKTLEN) == -1)
> >     return;
> > icmp6 = fin->fin_dp;
> > ip6 = (ip6_t *)((char *)icmp6 + ICMPERR_ICMPHLEN);
> > if (IP6_NEQ(&fin->fin_fi.fi_dst,
> >             &ip6->ip6_src))
> >     fin->fin_flx |= FI_BAD;
> I am asking, because there was a bug exactly in this place
> (a stale version of the icmp6 pointer was used) and the crash
> was exactly where you have shown it in your previous mail.
> However, this is fixed in the code snippet above.
> The frpr_pullup ensures that enough data is in the buffer for the
> IP6_NEQ operation and the icmp6 (and thus ip6) pointers are recomputed
> in case the buffer was moved.
Which has also been pulled up to -4 if my memory is correct. Maybe try updating
your -4 tree and build a fresh kernel.
Liam J. Foy
http://bsdportal.org <- BSD News
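
The pointer-recomputation rule discussed in this thread, as an added example that is not part of the original mails and is not ipfilter code: a toy pullup that may move the packet buffer, and a check that derives its header pointers only after the pullup has succeeded. All toy_* names, the TOY_* sizes and the sample packet are assumptions constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-ins (assumptions, not ipfilter's definitions). */
#define TOY_ICMPHLEN   8    /* ICMPv6 header in front of the embedded packet */
#define TOY_IP6_SRCOFF 8    /* offset of the source address in an IPv6 header */
#define TOY_MINPKTLEN  (TOY_ICMPHLEN + 40)  /* ICMPv6 header + IPv6 header */
struct toy_pkt {
    unsigned char *head; size_t head_len;       /* contiguous, addressable bytes */
    const unsigned char *tail; size_t tail_len; /* bytes still in a later chunk */
};

/* Make `need` bytes contiguous; may move the buffer. -1 if the packet is short. */
int toy_pullup(struct toy_pkt *p, size_t need)
{
    if (need <= p->head_len) return 0;
    size_t extra = need - p->head_len;
    if (extra > p->tail_len) return -1;
    unsigned char *n = malloc(need);
    if (n == NULL) return -1;
    memcpy(n, p->head, p->head_len);
    memcpy(n + p->head_len, p->tail, extra);
    free(p->head);  /* any pointer derived before this call is now stale */
    p->head = n; p->head_len = need;
    p->tail += extra; p->tail_len -= extra;
    return 0;
}

/* 1 = embedded source differs from dst (would be flagged bad), 0 = match, -1 = short. */
int toy_icmp6_err_check(struct toy_pkt *p, const unsigned char dst[16])
{
    if (toy_pullup(p, TOY_MINPKTLEN) == -1) return -1;
    /* Derive both pointers only now, from the buffer as it is after the pullup. */
    const unsigned char *icmp6 = p->head;
    const unsigned char *ip6 = icmp6 + TOY_ICMPHLEN;
    return memcmp(dst, ip6 + TOY_IP6_SRCOFF, 16) != 0;
}

/* Constructed packet of `total` bytes: first `split` bytes in head, rest in tail. */
int toy_run(size_t total, size_t split, int same_addr)
{
    unsigned char wire[64] = {0}, dst[16];
    memset(dst, 0xAB, sizeof dst);
    memset(wire + TOY_ICMPHLEN + TOY_IP6_SRCOFF, same_addr ? 0xAB : 0xCD, 16);
    struct toy_pkt p = { malloc(split), split, wire + split, total - split };
    if (p.head == NULL) return -2;
    memcpy(p.head, wire, split);
    int r = toy_icmp6_err_check(&p, dst);
    free(p.head);
    return r;
}
```

Taking icmp6 before the toy_pullup call and using it afterwards would read freed memory whenever the header was split across chunks, which is the class of bug the quoted mail describes.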