OpenBSD Journal

Security Fix - All architectures

Contributed by deanna on from the errata dept.

A reliability fix for OpenBSD 3.9 and 4.0 was merged from current yesterday - Incorrect mbuf handling can crash the machine.

fix by claudio@:

m_dup1() copies the packet header and allocates the mbuf cluster in the
wrong order. M_DUP_PKTHDR needs to be called with an empty mbuf.
Allocating an mbuf cluster beforehand is not allowed as the resulting mbuf is
no longer considered empty (part of the header is initialized).
The correct order is to allocate an mbuf via MGETHDR(), copy the packet header
and as last step allocate the cluster.
Issue found by JINMEI Tatuya.

Source patches are available for OpenBSD 3.9 and 4.0.

UPDATE: this has been elevated to a security issue. Using pf(4) to "block in inet6" is an effective workaround until the patch can be installed.
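The ordering problem described in the commit message, as a toy userland model added here (not OpenBSD code and not the actual patch). The `toy_*` names, the sizes, and the assumption that the header copy overwrites the flags and resets the data pointer are illustrative and do not come from the page.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy userland model, not OpenBSD's struct mbuf; names and sizes are constructed. */
enum { TOY_MHLEN = 64, TOY_CLBYTES = 2048, TOY_PKTHDR = 1, TOY_EXT = 2 };
struct toy_mbuf {
    int flags;
    size_t pktlen;            /* stand-in for the packet header */
    char *data, *ext;         /* write position; cluster if one is attached */
    char pktdat[TOY_MHLEN];   /* storage inside the mbuf itself */
};

/* Stand-in for MGETHDR(): a fresh, empty header mbuf. */
static struct toy_mbuf *toy_gethdr(void) {
    struct toy_mbuf *m = calloc(1, sizeof(*m));
    if (m != NULL) { m->flags = TOY_PKTHDR; m->data = m->pktdat; }
    return m;
}

/* Stand-in for cluster allocation: attach a cluster and point data at it. */
static int toy_clget(struct toy_mbuf *m) {
    if ((m->ext = malloc(TOY_CLBYTES)) == NULL) return -1;
    m->flags |= TOY_EXT; m->data = m->ext;
    return 0;
}

/* Stand-in for M_DUP_PKTHDR(); assumed to treat "to" as empty and reset it. */
static void toy_dup_pkthdr(struct toy_mbuf *to, const struct toy_mbuf *from) {
    to->flags = from->flags & TOY_PKTHDR;   /* drops TOY_EXT if it was set */
    to->pktlen = from->pktlen;
    to->data = to->pktdat;                  /* forgets an attached cluster */
}

/* Bytes that fit at n->data after building the copy (0 on allocation failure);
 * cluster_first != 0 is the pre-fix order, 0 is the order the fix describes. */
static size_t toy_dup1_room(const struct toy_mbuf *src, int cluster_first) {
    struct toy_mbuf *n = toy_gethdr();
    size_t room = 0;
    int err;
    if (n == NULL) return 0;
    if (cluster_first) { err = toy_clget(n); toy_dup_pkthdr(n, src); }
    else               { toy_dup_pkthdr(n, src); err = toy_clget(n); }
    if (err == 0) room = (n->data == n->ext) ? TOY_CLBYTES : TOY_MHLEN;
    free(n->ext); free(n);
    return room;
}

int main(void) {
    struct toy_mbuf src = { .flags = TOY_PKTHDR, .pktlen = 1500 }; /* constructed */
    printf("fixed: %zu bytes, pre-fix: %zu bytes\n",
           toy_dup1_room(&src, 0), toy_dup1_room(&src, 1));
    return 0;
}
```

In this model the pre-fix order leaves the copy pointing at its small internal buffer even though a cluster was allocated, so a 1500-byte payload no longer fits.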


Comments
  1. By David Alten (64.132.1.80) on

    The patch asked me for a file to patch. I modified the patch to include the file path, as follows:


    Index: sys/kern/uipc_mbuf2.c

    --- sys/kern/uipc_mbuf2.c 17 Mar 2006 04:15:51 -0000 1.24
    +++ sys/kern/uipc_mbuf2.c 7 Mar 2007 19:21:48 -0000 1.24.2.1

  2. By bedazzled (143.233.245.86) on www.awmn.net

    My box rebooted twice since yesterday for no apparent reason and it also locked up once (the NIC LEDs shut off). It had 2 weeks uptime.
    Is this related to the reliability fix? At first I thought my hardware was faulty, but it works fine since summer... gotta patch now and see how it goes.

    ps: The NIC is a classic $5 el-cheapo RealTek 8139, although it fills the bill nicely (94 Mbit/s on iperf bench :D)

  3. By Olli (84.185.104.113) on

    Do I have to build the kernel from the source or is there any way to update the binary kernel?

    Comments
    1. By Anonymous Coward (212.27.60.48) on

      > Do I have to build the kernel from the source or is there any way to update the binary kernel?
      >

      www.openbsd.org/faq

      Comments
      1. By Anonymous Coward (71.65.251.184) on

        > > Do I have to build the kernel from the source or is there any way to update the binary kernel?
        > >
        >
        > www.openbsd.org/faq
        >
        >

        poor reply, anonymous

  4. By Anonymous Coward (66.92.65.117) on

    Am I mistaken to assume "scrub in all" implies "scrub in inet6"?
