Author: markj Date: Mon Apr 13 01:55:42 2015 New Revision: 281483 URL: https://svnweb.freebsd.org/changeset/base/281483
Log: Fix a possible refcount leak in regen_tmpaddr(). public_ifa6 may be set to NULL after taking a reference to a previous address list element. Instead, only take the reference after leaving the loop but before releasing the address list lock. Differential Revision: https://reviews.freebsd.org/D2253 Reviewed by: ae MFC after: 2 weeks Modified: head/sys/netinet6/nd6.c Modified: head/sys/netinet6/nd6.c ============================================================================== --- head/sys/netinet6/nd6.c Mon Apr 13 01:42:24 2015 (r281482) +++ head/sys/netinet6/nd6.c Mon Apr 13 01:55:42 2015 (r281483) @@ -765,11 +765,10 @@ regen_tmpaddr(struct in6_ifaddr *ia6) * address with the prefix. */ if (!IFA6_IS_DEPRECATED(it6)) - public_ifa6 = it6; - - if (public_ifa6 != NULL) - ifa_ref(&public_ifa6->ia_ifa); + public_ifa6 = it6; } + if (public_ifa6 != NULL) + ifa_ref(&public_ifa6->ia_ifa); IF_ADDR_RUNLOCK(ifp); if (public_ifa6 != NULL) { _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
