author | 2020-08-04 09:32:05 +0000 | |
---|---|---|
committer | 2020-08-04 09:32:05 +0000 | |
commit | 53c2c62e296afa0436e2246701871b4a2aa93a15 (patch) | |
tree | 360d721462854700ee58ea832945d40d0e4905da /lib/libc | |
parent | Also ignore SIGQUIT so it can't be used to kill the client when locked. (diff) | |
download | wireguard-openbsd-53c2c62e296afa0436e2246701871b4a2aa93a15.tar.xz wireguard-openbsd-53c2c62e296afa0436e2246701871b4a2aa93a15.zip |
We have `pipexinq' and `pipexoutq' mbuf(9) queues to store pipex(4)
related mbufs. Each mbuf(9) passed to these queues stores the pointer to
the corresponding pipex(4) session referenced as `m_pkthdr.ph_cookie'. When
a session was destroyed its reference can still be in these queues so we
have a use after free issue while pipexintr() dereferences it.

I removed `pipexinq', `pipexoutq' and pipexintr(). This not only allows
us to avoid the issue described above, but also removes an unnecessary context
switch in packet processing. Also it makes the code simpler.

ok mpi@ yasuoka@
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/sys/sysctl.2 | 28 |
1 files changed, 2 insertions, 26 deletions
diff --git a/lib/libc/sys/sysctl.2 b/lib/libc/sys/sysctl.2 index 2e1b085ae78..0b9be238c59 100644 --- a/lib/libc/sys/sysctl.2 +++ b/lib/libc/sys/sysctl.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.2,v 1.40 2020/05/17 05:48:39 ratchov Exp $ +.\" $OpenBSD: sysctl.2,v 1.41 2020/08/04 09:32:05 mvs Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: May 17 2020 $ +.Dd $Mdocdate: August 4 2020 $ .Dt SYSCTL 2 .Os .Sh NAME @@ -2033,35 +2033,11 @@ The currently defined variable names are: .Bl -column "Third level name" "integer" "Changeable" -offset indent .It Sy "Third level name" Ta Sy "Type" Ta Sy "Changeable" .It Dv PIPEXCTL_ENABLE Ta integer Ta yes -.It Dv PIPEXCTL_INQ Ta node Ta not applicable -.It Dv PIPEXCTL_OUTQ Ta node Ta not applicable .El .Bl -tag -width "123456" .It Dv PIPEXCTL_ENABLE If set to 1, enable PIPEX processing. The default is 0. -.It Dv PIPEXCTL_INQ Pq Va net.pipex.inq -Fourth level comprises an array of -.Vt struct ifqueue -structures containing information about the PIPEX packet input queue. -The forth level names for the elements of -.Vt struct ifqueue -are the same as described in -.Li ip.arpq -in the -.Dv PF_INET -section. -.It Dv PIPEXCTL_OUTQ Pq Va net.pipex.outq -Fourth level comprises an array of -.Vt struct ifqueue -structures containing information about PIPEX packet output queue. -The forth level names for the elements of -.Vt struct ifqueue -are the same as described in -.Li ip.arpq -in the -.Dv PF_INET -section. .El .El .Ss CTL_VFS |
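Review bot: In the last hunk (@@ -2033,35 +2033,11 @@) the PIPEXCTL_INQ and PIPEXCTL_OUTQ entries are dropped from both the `.Bl -column` table and the `.Bl -tag` list, so each is left with the single entry PIPEXCTL_ENABLE under the context line "The currently defined variable names are:". Consider rewording that sentence to the singular, or folding the one-row table into the tag list, so the section does not read as if entries are missing. The diffstat shown here is limited to lib/libc, so this view cannot confirm that the PIPEXCTL_INQ and PIPEXCTL_OUTQ names are also gone from wherever they are defined and listed; that is worth checking so the manual and the interface it documents stay in step. The first two hunks only update the $OpenBSD$ tag and the .Dd date and need no comment.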