Subject: release process and fil.c bug
To: None <tech-net@netbsd.org>
From: Miles Nordin <carton@Ivy.NET>
List: tech-net
Date: 10/10/2004 12:20:22
As part of the release process I should point out I've been using this
patch Pavel sent me on 2.0_BETA. It's not pulled up yet, and without
it my IPv6-routing box crashes within a day.
the panic is also discussed in:
kern/26839
http://mail-index.netbsd.org/tech-net/2004/09/03/0003.html
http://mail-index.netbsd.org/tech-net/2004/10/03/0000.html
This is basically an IPv6 ``ping-of-death''. It's not the first and
probably won't be the last, but IMHO it's pretty serious.
-----8<-----
--- /scratch/dist/anoncvs/src/sys/netinet/fil.c 2004-10-04 23:29:29.000000000 -0400
+++ fil.c 2004-10-07 16:23:14.000000000 -0400
@@ -419,7 +419,7 @@
* Actually, hop by hop header is only allowed right
* after IPv6 header!
*/
- if (coalesced == 0) {
+ if ((fin->fin_m != NULL) && (coalesced == 0)) {
coalesced = fr_coalesce(fin);
if (coalesced == -1)
return;
@@ -430,7 +430,7 @@
frpr_hopopts6(fin);
break;
case IPPROTO_DSTOPTS :
- if (coalesced == 0) {
+ if ((fin->fin_m != NULL) && (coalesced == 0)) {
coalesced = fr_coalesce(fin);
if (coalesced == -1)
return;
@@ -438,7 +438,7 @@
frpr_dstopts6(fin);
break;
case IPPROTO_ROUTING :
- if (coalesced == 0) {
+ if ((fin->fin_m != NULL) && (coalesced == 0)) {
coalesced = fr_coalesce(fin);
if (coalesced == -1)
return;
@@ -460,7 +460,7 @@
go = 0;
break;
case IPPROTO_FRAGMENT :
- if (coalesced == 0) {
+ if ((fin->fin_m != NULL) && (coalesced == 0)) {
coalesced = fr_coalesce(fin);
if (coalesced == -1)
return;
-----8<-----
--
Le fascisme est la dictature ouverte de la bourgeoisie.
-- Georg Dimitrov