#
305558 |
|
07-Sep-2016 |
dim |
MFC r305389:
With clang 3.9.0, compiling sys/netinet/igmp.c results in the following warning:
sys/netinet/igmp.c:546:21: error: implicit conversion from 'int' to 'char' changes value from 148 to -108 [-Werror,-Wconstant-conversion] p->ipopt_list[0] = IPOPT_RA; /* Router Alert Option */ ~ ^~~~~~~~ sys/netinet/ip.h:153:19: note: expanded from macro 'IPOPT_RA' #define IPOPT_RA 148 /* router alert */ ^~~
This is because ipopt_list is an array of char, so IPOPT_RA is wrapped to a negative value. It would be nice to change ipopt_list to an array of u_char, but it changes the signature of the public struct ipoption, so add an explicit cast to suppress the warning.
Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D7777
|
#
295388 |
|
07-Feb-2016 |
bz |
MFC r294514:
The variable is write once only and not used. Recover the vertical space.
Sponsored by: The FreeBSD Foundation Obtained from: p4 CH=180830 Reviewed by: gnn, hiren Differential Revision:https://reviews.freebsd.org/D4898
Approved by: re (marius, gjb)
|
#
291990 |
|
08-Dec-2015 |
ae |
MFC r291579: In the same way fix the problem described in r291578 for IGMPv3.
In case when router has a lot of multicast groups, the reply can take several packets due to MTU limitation. Also we have a limit IGMP_MAX_RESPONSE_BURST == 4, that limits the number of packets we send in one shot. Then we recalculate the timer value and schedule the remaining packets for sending. The problem is that when we call igmp_v3_dispatch_general_query() to send remaining packets, we queue new reply in the same mbuf queue. And when number of packets is bigger than IGMP_MAX_RESPONSE_BURST, we get endless reply of IGMPv3 reports. To fix this, add the check for remaining packets in the queue.
|
#
281230 |
|
07-Apr-2015 |
delphij |
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
|
#
279263 |
|
25-Feb-2015 |
delphij |
Instant MFC:
Fix integer overflow in IGMP protocol.
Security: FreeBSD-SA-15:04.igmp Security: CVE-2015-1414 Found by: Mateusz Kocielski, Logicaltrust Analyzed by: Marek Kroemeke, Mateusz Kocielski (shm@NetBSD.org) and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 Submited by: Mariusz Zaborski <oshogbo@FreeBSD.org> Reviewed by: bms Approved by: so
|
#
281230 |
|
07-Apr-2015 |
delphij |
Improve patch for SA-15:04.igmp to solve a potential buffer overflow.
Fix multiple vulnerabilities of ntp. [SA-15:07]
Fix bsdinstall(8) insecure default GELI keyfile permissions. [SA-15:08]
Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09]
|
#
279263 |
|
25-Feb-2015 |
delphij |
Instant MFC:
Fix integer overflow in IGMP protocol.
Security: FreeBSD-SA-15:04.igmp Security: CVE-2015-1414 Found by: Mateusz Kocielski, Logicaltrust Analyzed by: Marek Kroemeke, Mateusz Kocielski (shm@NetBSD.org) and 22733db72ab3ed94b5f8a1ffcde850251fe6f466 Submited by: Mariusz Zaborski <oshogbo@FreeBSD.org> Reviewed by: bms Approved by: so
|