diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2006-02-01 19:43:36 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2006-02-01 19:43:36 +0000 |
commit | 1cdc31cf597dc3b03b8b8434623459b3b5d636e3 (patch) | |
tree | 5ccaa6dd9341f737b64ea2557ff47dac1b4f2593 | |
parent | 79315b47bd7ca2660657f573c9db609425f0e7ed (diff) | |
download | src-test2-1cdc31cf597dc3b03b8b8434623459b3b5d636e3.tar.gz src-test2-1cdc31cf597dc3b03b8b8434623459b3b5d636e3.zip |
MFRELENG_5 sys/netinet/tcp_sack.c rev. 1.3.2.10:
Avoid an infinite loop in sack scoreboard processing when the per-hole
limits or global scoreboard limits are reached, or when memory
exhaustion occurs. This can occur when an existing hole fails to be
split due to limits or memory exhaustion.
Security: FreeBSD-SA-06:08.sack
Approved by: so (cperciva)
Notes
Notes:
svn path=/releng/5.3/; revision=155190
-rw-r--r-- | UPDATING | 4 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/netinet/tcp_sack.c | 3 |
3 files changed, 7 insertions, 2 deletions
@@ -8,6 +8,10 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. Important recent entries: 20040724 (default X changes). +20060201: p26 FreeBSD-SA-06:08.sack + Avoid an infinite loop in sack scoreboard processing which can + result from memory exhaustion. + 20060125: p25 FreeBSD-SA-06:07.pf Correct an error in pf handling of IP packet fragments which could result in a kernel panic. [06:07] diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 1bab96111e61..f7912a5b4178 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.3" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/netinet/tcp_sack.c b/sys/netinet/tcp_sack.c index 1cf44f2ba73d..21ac01aba654 100644 --- a/sys/netinet/tcp_sack.c +++ b/sys/netinet/tcp_sack.c @@ -301,6 +301,7 @@ tcp_sack_option(struct tcpcb *tp, struct tcphdr *th, u_char *cp, int optlen) tp->snd_numholes = 0; if (tp->t_maxseg == 0) panic("tcp_sack_option"); /* Should never happen */ +next_block: while (tmp_olen > 0) { struct sackblk sack; @@ -390,7 +391,7 @@ tcp_sack_option(struct tcpcb *tp, struct tcphdr *th, u_char *cp, int optlen) temp = (struct sackhole *) uma_zalloc(sack_hole_zone,M_NOWAIT); if (temp == NULL) - continue; /* ENOBUFS */ + goto next_block; /* ENOBUFS */ temp->next = cur->next; temp->start = sack.end; temp->end = cur->end; |