diff options
author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-02-14 11:50:28 +0000 |
---|---|---|
committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2008-02-14 11:50:28 +0000 |
commit | 709dbc33b14011a5969835f1d020adc93138f0b5 (patch) | |
tree | 4f8371bc595767887527aa4e0d2864fb01cbffa5 | |
parent | fbf69f116f9ce548a341e2c8f4415df5356bbd48 (diff) | |
download | src-709dbc33b14011a5969835f1d020adc93138f0b5.tar.gz src-709dbc33b14011a5969835f1d020adc93138f0b5.zip |
Fix sendfile(2) write-only file permission bypass. [08:03.sendfile]
Fix IPsec null pointer dereference panic. [SA-08:04.ipsec]
Security: FreeBSD-SA-08:03.sendfile
Security: FreeBSD-SA-08:04.ipsec
Approved by: so (simon)
Notes
Notes:
svn path=/releng/5.5/; revision=176274
-rw-r--r-- | UPDATING | 5 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/kern/kern_descrip.c | 2 | ||||
-rw-r--r-- | sys/netinet6/ipcomp_input.c | 2 |
4 files changed, 8 insertions, 3 deletions
@@ -8,6 +8,11 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20080214: p19 FreeBSD-SA-08:02.sendfile, FreeBSD-SA-08:03.ipsec + Fix sendfile(2) write-only file permission bypass. [08:02] + + Fix IPsec null pointer dereference panic. [08:03] + 20080114: p18 FreeBSD-SA-08:01.pty Fix issues which allow snooping on ptys. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 3c3db8af5d5e..5ccb23da8dfc 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="5.5" -BRANCH="RELEASE-p18" +BRANCH="RELEASE-p19" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 40ddd19df0ed..088443018172 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -2014,7 +2014,7 @@ _fgetvp(struct thread *td, int fd, struct vnode **vpp, int flags) GIANT_REQUIRED; /* VFS */ *vpp = NULL; - if ((error = _fget(td, fd, &fp, 0, 0)) != 0) + if ((error = _fget(td, fd, &fp, flags, 0)) != 0) return (error); if (fp->f_vnode == NULL) { error = EINVAL; diff --git a/sys/netinet6/ipcomp_input.c b/sys/netinet6/ipcomp_input.c index 1831648a50de..be97fd1d6678 100644 --- a/sys/netinet6/ipcomp_input.c +++ b/sys/netinet6/ipcomp_input.c @@ -258,7 +258,7 @@ ipcomp6_input(mp, offp, proto) off = *offp; md = m_pulldown(m, off, sizeof(*ipcomp), NULL); - if (!m) { + if (!md) { m = NULL; /* already freed */ ipseclog((LOG_DEBUG, "IPv6 IPComp input: assumption failed " "(pulldown failure)\n")); |