From owner-IPv6-jp@jp.freebsd.org  Fri Aug 11 22:17:06 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id WAA34062;
	Fri, 11 Aug 2000 22:17:06 +0900 (JST)
	(envelope-from owner-IPv6-jp@jp.FreeBSD.org)
Received: from shuttle.wide.toshiba.co.jp (shuttle.wide.toshiba.co.jp [202.249.10.124])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id WAA34056
	for <IPv6-jp@jp.freebsd.org>; Fri, 11 Aug 2000 22:17:03 +0900 (JST)
	(envelope-from jinmei@isl.rdc.toshiba.co.jp)
Received: from localhost (shuttle.sixyards.wide.toshiba.co.jp [3ffe:501:100f:0:200:f8ff:fe01:61cf])
	by shuttle.wide.toshiba.co.jp (8.9.1+3.1W/8.9.1) with ESMTP id WAA05161
	for <IPv6-jp@jp.freebsd.org>; Fri, 11 Aug 2000 22:02:51 +0900 (JST)
Date: Fri, 11 Aug 2000 22:12:43 +0900
Message-ID: <y7v4s4sc56c.wl@condor.isl.rdc.toshiba.co.jp>
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?=
 <jinmei@isl.rdc.toshiba.co.jp>
To: IPv6-jp@jp.freebsd.org
User-Agent: Wanderlust/2.3.0 (Roam) Emacs/20.6 Mule/4.0 (HANANOEN)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: multipart/mixed;
 boundary="Multipart_Fri_Aug_11_22:12:43_2000-1"
X-Dispatcher: imput version 980905(IM100)
Lines: 83
Reply-To: IPv6-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: IPv6-jp 887
Subject: [IPv6-jp 887] Forward: a serious bug fix about IPv6 for 4.1 and current
Errors-To: owner-IPv6-jp@jp.freebsd.org
Sender: owner-IPv6-jp@jp.freebsd.org
X-Originator: jinmei@isl.rdc.toshiba.co.jp

--Multipart_Fri_Aug_11_22:12:43_2000-1
Content-Type: text/plain; charset=ISO-2022-JP

$BG0$N$?$a$3$C$A$K$b(Bforward$B$7$H$-$^$9!#(B

				$B?@L@(B $BC#:H(B (jinmei@isl.rdc.toshiba.co.jp)
				$B3t<02q<R(B $BEl<G(B  $B8&5f3+H/%;%s%?!<(B
				$BDL?.%W%i%C%H%[!<%`%i%\%i%H%j!<(B


--Multipart_Fri_Aug_11_22:12:43_2000-1
Content-Type: message/rfc822

Delivered-To: freebsd-net@freebsd.org
Date: Fri, 11 Aug 2000 22:00:41 +0900
Message-ID: <y7v7l9oc5qe.wl@condor.isl.rdc.toshiba.co.jp>
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>
To: net@FreeBSD.ORG
Subject: a serious bug fix about IPv6 for 4.1 and current
User-Agent: Wanderlust/2.3.0 (Roam) Emacs/20.6 Mule/4.0 (HANANOEN)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.13.7 - "Awazu")
Content-Type: text/plain; charset=US-ASCII
X-Dispatcher: imput version 980905(IM100)
Lines: 48
Sender: owner-freebsd-net@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hello,

We recently found a serios bug, which might cause kernel crash, in
IPv6 code developed by the KAME project. Unfortunately, the bug has
been merged into FreeBSD 4.1 (and current), and we confirmed kernel
crash could happen on "pure" FreeBSD 4.1, too.

The attached is a patch for FreeBSD 4.1 to fix the problem. If you
enable IPv6 on FreeBSD 4.1 or current, please be sure to apply the
fix. Also, I believe that it should be merged into the FreeBSD
repository (I can't do this by myself, since I'm not a
committer. Sorry about that).

I'd really apologize for the messy bug.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp

*** nd6_rtr.c.orig	Fri Aug 11 21:55:40 2000
--- nd6_rtr.c	Fri Aug 11 21:56:34 2000
***************
*** 549,557 ****
  #ifdef ND6_USE_RTSOCK
  		defrouter_msg(RTM_DELETE, oldrt);
  #endif
! 		if (oldrt->rt_refcnt <= 0)
! 			oldrt->rt_refcnt++; /* XXX */
! 		rtfree(oldrt);
  	}
  
  	if (dofree)		/* XXX: necessary? */
--- 549,562 ----
  #ifdef ND6_USE_RTSOCK
  		defrouter_msg(RTM_DELETE, oldrt);
  #endif
! 		if (oldrt->rt_refcnt <= 0) {
! 			/*
! 			 * XXX: borrowed from the RTM_DELETE case of
! 			 * rtrequest().
! 			 */
! 			oldrt->rt_refcnt++;
! 			rtfree(oldrt);
! 		}
  	}
  
  	if (dofree)		/* XXX: necessary? */


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

--Multipart_Fri_Aug_11_22:12:43_2000-1--
