[Midnightbsd-cvs] [MidnightBSD/src] 0b9dc7: In some cases, the `tcp-setmss` handler may free t...

Lucas Holt noreply at github.com
Tue Dec 16 20:49:33 EST 2025 

  Branch: refs/heads/stable/4.0
  Home:   https://github.com/MidnightBSD/src
  Commit: 0b9dc7c8090b4f45092522b1731321e26414baae
      https://github.com/MidnightBSD/src/commit/0b9dc7c8090b4f45092522b1731321e26414baae
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2025-12-16 (Tue, 16 Dec 2025)

  Changed paths:
    M sys/netpfil/ipfw/pmod/tcpmod.c

  Log Message:
  -----------
  In some cases, the `tcp-setmss` handler may free the packet data and throw an
error without halting the rule processing engine.  A subsequent rule can then
allow the traffic after the packet data is gone, resulting in a NULL pointer
dereference.

Fixes a DOS issue.

Obtained from: FreeBSD


  Commit: 36bfbbe88406daa86d2df9704504207a9e10e660
      https://github.com/MidnightBSD/src/commit/36bfbbe88406daa86d2df9704504207a9e10e660
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2025-12-16 (Tue, 16 Dec 2025)

  Changed paths:
    M usr.sbin/rtsold/rtsol.c

  Log Message:
  -----------
  The rtsol(8) and rtsold(8) programs do not validate the domain search list
options provided in router advertisement messages; the option body is passed
to resolvconf(8) unmodified.

resolvconf(8) is a shell script which does not validate its input.  A lack of
quoting meant that shell commands pass as input to resolvconf(8) may be
executed.

Obtained from: FreeBSD


  Commit: 8efcd0366db9227cef4e6e085cbcd29b7310f082
      https://github.com/MidnightBSD/src/commit/8efcd0366db9227cef4e6e085cbcd29b7310f082
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2025-12-16 (Tue, 16 Dec 2025)

  Changed paths:
    M UPDATING
    M sys/conf/newvers.sh

  Log Message:
  -----------
  Bump OS version to 4.0.1 (security vulnerabilities patched)


Compare: https://github.com/MidnightBSD/src/compare/d62d094d3545...8efcd0366db9

To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications

More information about the Midnightbsd-cvs mailing list