[Midnightbsd-cvs] src: /src: MFC icmp6 and amd64 gs register patch

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Wed Sep 3 22:41:34 EDT 2008


Log Message:
-----------
MFC icmp6 and amd64 gs register patch

Tags:
----
RELENG_0_2

Modified Files:
--------------
    src:
        UPDATING (r1.38.2.5 -> r1.38.2.6)
    src/sys/amd64/amd64:
        exception.S (r1.1.1.1 -> r1.1.1.1.4.1)
    src/sys/netinet6:
        icmp6.c (r1.1.1.2 -> r1.1.1.2.4.1)

Index: exception.S
===================================================================
RCS file: /home/cvs/src/sys/amd64/amd64/exception.S,v
retrieving revision 1.1.1.1
retrieving revision 1.1.1.1.4.1
diff -L sys/amd64/amd64/exception.S -L sys/amd64/amd64/exception.S -u -r1.1.1.1 -r1.1.1.1.4.1
--- sys/amd64/amd64/exception.S
+++ sys/amd64/amd64/exception.S
@@ -509,13 +509,10 @@
 	.globl	doreti_iret_fault
 doreti_iret_fault:
 	subq	$TF_RIP,%rsp		/* space including tf_err, tf_trapno */
-	testb	$SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */
-	jz	1f			/* already running with kernel GS.base */
-	swapgs
-1:	testl	$PSL_I,TF_RFLAGS(%rsp)
-	jz	2f
+	testl	$PSL_I,TF_RFLAGS(%rsp)
+	jz	1f
 	sti
-2:	movq	%rdi,TF_RDI(%rsp)
+1:	movq	%rdi,TF_RDI(%rsp)
 	movq	%rsi,TF_RSI(%rsp)
 	movq	%rdx,TF_RDX(%rsp)
 	movq	%rcx,TF_RCX(%rsp)
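Review bot: With the `testb $SEL_RPL_MASK,TF_CS(%rsp)` / `swapgs` pair removed, nothing at `doreti_iret_fault` records which GS.base is expected to be active here. That invariant is what the removed lines handled, and the UPDATING entry in this commit appears to tie the change to the amd64 privilege escalation CVE-2008-3890. A comment above `testl $PSL_I,TF_RFLAGS(%rsp)` would keep the check from being reintroduced later, for example `/* Kernel GS.base is expected to be loaded already; the saved TF_CS must not be used to decide on a swapgs here. */`. That GS.base has already been switched before this label runs is inferred from the removal and should be confirmed against the trap entry code, which is outside the hunk. The body of doreti_iret_fault also continues past the last line shown.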
Index: UPDATING
===================================================================
RCS file: /home/cvs/src/UPDATING,v
retrieving revision 1.38.2.5
retrieving revision 1.38.2.6
diff -L UPDATING -L UPDATING -u -r1.38.2.5 -r1.38.2.6
--- UPDATING
+++ UPDATING
@@ -3,10 +3,20 @@
 Items affecting the mports and packages system can be found in
 /usr/mports/UPDATING. 
 
+20080903:
+	Correct two defects in MidnightBSD.  AMD64/EMT64 systems had a 
+	privledge escalation issue.  CVE-2008-3890
+
+	In case of an incoming ICMPv6 'Packet Too Big Message', there is an
+	insufficient check on the proposed new MTU for a path to the 
+	destination.
+	CVE-2008-3530
+
 20080830:
 	MidnightBSD 0.2.1-RELEASE
 
-	Oops, fix some bugs with sysinstall's handling of packages found on the release ISOs.  Tweak etc/firstboot while where here.
+	Oops, fix some bugs with sysinstall's handling of packages found 
+	on the release ISOs.  Tweak etc/firstboot while where here.
 
 20080829:
 	MidnightBSD 0.2-RELEASE
Index: icmp6.c
===================================================================
RCS file: /home/cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.1.1.2
retrieving revision 1.1.1.2.4.1
diff -L sys/netinet6/icmp6.c -L sys/netinet6/icmp6.c -u -r1.1.1.2 -r1.1.1.2.4.1
--- sys/netinet6/icmp6.c
+++ sys/netinet6/icmp6.c
@@ -1128,6 +1128,15 @@
 	if (!validated)
 		return;
 
+	/*
+	 * In case the suggested mtu is less than IPV6_MMTU, we
+	 * only need to remember that it was for above mentioned
+	 * "alwaysfrag" case.
+	 * Try to be as close to the spec as possible.
+	 */
+	if (mtu < IPV6_MMTU)
+		mtu = IPV6_MMTU - 8;
+
 	bzero(&inc, sizeof(inc));
 	inc.inc_flags = 1; /* IPv6 */
 	inc.inc6_faddr = *dst;
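Review bot: The `8` in `mtu = IPV6_MMTU - 8;` is unexplained, and the comment above it relies on an "above mentioned alwaysfrag case" that is not visible near this block. If the constant is the IPv6 fragment header length, as the alwaysfrag wording suggests, then `mtu = IPV6_MMTU - sizeof(struct ip6_frag);` or a trailing `/* 8 = fragment header length */` would make the clamp auditable. The comment could also state that every MTU below IPV6_MMTU taken from the incoming message, zero included, is replaced by this single value, since that is the security-relevant effect of the check. The enclosing function starts and ends outside the hunk, so the type of `mtu` and any upper bound applied later cannot be confirmed from here.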

