[Midnightbsd-cvs] [MidnightBSD/src] 5cad99: In some cases, the `tcp-setmss` handler may free t...
Lucas Holt
noreply at github.com
Tue Dec 16 20:53:49 EST 2025
Branch: refs/heads/stable/3.2
Home: https://github.com/MidnightBSD/src
Commit: 5cad99a249a6390c4b3f9a0d35d4f9c47c7dce2c
https://github.com/MidnightBSD/src/commit/5cad99a249a6390c4b3f9a0d35d4f9c47c7dce2c
Author: Lucas Holt <luke at foolishgames.com>
Date: 2025-12-16 (Tue, 16 Dec 2025)
Changed paths:
M sys/netpfil/ipfw/pmod/tcpmod.c
Log Message:
-----------
In some cases, the `tcp-setmss` handler may free the packet data and throw an
error without halting the rule processing engine. A subsequent rule can then
allow the traffic after the packet data is gone, resulting in a NULL pointer
dereference.
Fixes a DOS issue.
Obtained from: FreeBSD
Commit: 4a5e96112ed82159e4b9c62e570ef5e7503b31f8
https://github.com/MidnightBSD/src/commit/4a5e96112ed82159e4b9c62e570ef5e7503b31f8
Author: Lucas Holt <luke at foolishgames.com>
Date: 2025-12-16 (Tue, 16 Dec 2025)
Changed paths:
M usr.sbin/rtsold/rtsol.c
Log Message:
-----------
The rtsol(8) and rtsold(8) programs do not validate the domain search list
options provided in router advertisement messages; the option body is passed
to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input. A lack of
quoting meant that shell commands pass as input to resolvconf(8) may be
executed.
Obtained from: FreeBSD
Commit: 238597f5b17f75f342b4a6a0821e71a7bc6f22f2
https://github.com/MidnightBSD/src/commit/238597f5b17f75f342b4a6a0821e71a7bc6f22f2
Author: Lucas Holt <luke at foolishgames.com>
Date: 2025-12-16 (Tue, 16 Dec 2025)
Changed paths:
M UPDATING
M sys/conf/newvers.sh
Log Message:
-----------
Document and bump for security issue.
Compare: https://github.com/MidnightBSD/src/compare/925859dd4b4e...238597f5b17f
To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications
More information about the Midnightbsd-cvs
mailing list