CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Simon L. B. Nielsen <simon@FreeBSD.org>
	Wed, 29 Jun 2005 21:36:49 +0000 (21:36 +0000)
committer	Simon L. B. Nielsen <simon@FreeBSD.org>
	Wed, 29 Jun 2005 21:36:49 +0000 (21:36 +0000)
commit	0a389eab226dfe89be0b831fe454e2cd9a9e9705
tree	0d01d80ed5ef7635e6b3d562c88fc976ed1c28b5	tree \| snapshot
parent	49808fa4fcc6d40e1ef06b2958697f27af54e725	commit \| diff

Fix ipfw packet matching errors with address tables.

The ipfw tables lookup code caches the result of the last query. The
kernel may process multiple packets concurrently, performing several
concurrent table lookups. Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.

Submitted by: ru
Reviewed by: csjp, mlaier
Security: CAN-2005-2019
Security: FreeBSD-SA-05:13.ipfw

Correct bzip2 permission race condition vulnerability.

Obtained from: Steve Grubb via RedHat
Security: CAN-2005-0953
Security: FreeBSD-SA-05:14.bzip2
Approved by: obrien

Correct TCP connection stall denial of service vulnerability.

A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.

Submitted by: Noritoshi Demizu
Reviewed by: andre, Mohan Srinivasan
Security: CAN-2005-2068
Security: FreeBSD-SA-05:15.tcp

Approved by: re (security blanket), cperciva

contrib/bzip2/bzip2.c		diff \| blob \| history
sys/netinet/ip_fw2.c		diff \| blob \| history
sys/netinet/tcp_input.c		diff \| blob \| history
sys/netinet/tcp_reass.c		diff \| blob \| history