opnsense-src/sys/netinet
Michael Tuexen 0da18fba2b tcp: plug an mbuf leak
When a challenge ACK should be sent via tcp_send_challenge_ack(),
but the rate limiter suppresses the sending, free the mbuf chain.
The caller of tcp_send_challenge_ack() expects this similar to the
callers of tcp_respond().

Approved by:	so
Security:	FreeBSD-SA-26:06.tcp
Security:	CVE-2026-4247
Reviewed by:	lstewart
Tested by:	lstewart
Sponsored by:	Netflix, Inc.
2026-03-26 08:04:46 +01:00
cc netinet: Use proper prototype for SYSINIT functions 2026-02-18 13:06:52 +01:00
khelp sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
libalias libalias: fix subtle racy problem in outside-inside forwarding 2024-08-25 13:31:24 +07:00
netdump netdump: Check the return value of ifunit_ref() 2023-10-08 20:41:42 -04:00
tcp_stacks tcp rack: fix sendmap app limited count tracking 2026-01-20 10:05:34 +01:00
accf_data.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
accf_dns.c sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
accf_http.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
dccp.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
icmp6.h icmp6: move ICMPv6 related tunables to the files where they are used 2024-06-26 12:48:44 +08:00
icmp_var.h icmp: remove unused BANDLIM_UNLIMITED 2026-01-20 09:48:12 +01:00
if_ether.c netinet: enter epoch in garp_rexmit() 2025-01-27 10:04:34 +01:00
if_ether.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
igmp.c igmp: apply net.inet.igmp.default_version to existing interfaces 2026-02-11 10:12:58 +01:00
igmp.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
igmp_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
in.c bridge: Fix adding gif(4) interface assigned with IP addresses as bridge memeber 2025-10-06 17:05:58 +02:00
in.h netinet: Make in_canforward() return bool 2025-03-07 12:02:41 +08:00
in_cksum.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_debug.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_fib.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_fib.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in_fib_algo.c netinet: Use proper prototype for SYSINIT functions 2026-02-18 13:06:52 +01:00
in_fib_dxr.c fib_dxr: code hygiene, prune old code, no functional changes 2024-05-22 19:34:40 +02:00
in_gif.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_jail.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_kdtrace.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_kdtrace.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in_mcast.c mcast: fix leaked igmp packets on multicast cleanup 2024-08-26 09:46:21 -06:00
in_pcb.c ddb: provide inp_flags2 when printing inpcbs 2026-01-20 09:46:27 +01:00
in_pcb.h ddb: provide inp_flags2 when printing inpcbs 2026-01-20 09:46:27 +01:00
in_pcb_var.h inpcb: Move the definition of struct inpcblbgroup to in_pcb_var.h 2025-02-21 01:04:50 +00:00
in_prot.c Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible() 2023-10-17 16:42:58 -03:00
in_proto.c UDP-Lite: export pcblist via sysctl interface 2026-01-20 09:40:44 +01:00
in_rmx.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
in_rss.c sys: Remove $FreeBSD$: two-line .c pattern 2023-08-16 11:54:30 -06:00
in_rss.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
in_systm.h netinet: Make in_systm.h self-contained 2025-05-07 12:04:59 +00:00
in_var.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ip.h netinet: Make ip.h self-contained 2025-04-24 13:20:57 +00:00
ip6.h netinet: Define IPv6 ECN mask 2024-01-11 09:18:12 -05:00
ip_carp.c carp6: revise the generation of ND6 NA 2026-01-20 09:48:47 +01:00
ip_carp.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip_carp_nl.h carp: allow commands to use interface name rather than index 2023-03-31 11:29:58 +02:00
ip_divert.c divert: Use a better source identifier for netisr_queue_src() calls 2026-02-26 17:16:09 +01:00
ip_divert.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_dummynet.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_ecn.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_ecn.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip_encap.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_encap.h sys: Remove $FreeBSD$: one-line .c comment pattern 2023-08-16 11:54:24 -06:00
ip_fastfwd.c netinet(6): shared forwarding requires different pointers 2025-10-23 17:39:39 +02:00
ip_fw.h ipfw: Fix a typo in a source code comment 2024-05-16 07:59:09 +02:00
ip_gre.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_icmp.c icmp: remove unused BANDLIM_UNLIMITED 2026-01-20 09:48:12 +01:00
ip_icmp.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ip_id.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_input.c pfil: PFIL_PASS never frees the mbuf 2025-07-09 10:05:50 +02:00
ip_mroute.c ip_mroute: Make privilege checking more consistent 2026-02-18 13:08:13 +01:00
ip_mroute.h ip_mroute: Convert to using a regular mutex 2026-02-18 13:08:04 +01:00
ip_options.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
ip_options.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
ip_output.c tcp: fix checksum calculation bug 2026-01-27 13:46:27 +01:00
ip_reass.c rss: add sysctl enable toggle 2025-07-09 10:05:48 +02:00
ip_var.h netinet: provide "at offset" variant of the in_delayed_cksum() API 2026-01-20 09:50:03 +01:00
pim.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
pim_var.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
raw_ip.c divert: Define semantics for SO_REUSEPORT_LB on divert sockets 2026-01-05 13:52:34 +01:00
sctp.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_asconf.c sctp: improve debug output 2024-10-31 12:41:06 +01:00
sctp_asconf.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_auth.c sctp: cleanup locking for notifications 2023-09-15 19:41:16 +02:00
sctp_auth.h sctp: cleanup SCTP AUTH related notification 2023-09-15 19:35:57 +02:00
sctp_bsd_addr.c sctp: support bridge interfaces 2026-02-18 12:45:42 +01:00
sctp_bsd_addr.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_cc_functions.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_constants.h sctp: make sure all SCTP RESET notifications use sctp_ulp_notify() 2023-09-15 19:38:29 +02:00
sctp_crc32.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
sctp_crc32.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_header.h sctp: store heartbeat creation time as time_t 2024-08-04 00:27:00 +02:00
sctp_indata.c sctp: improve input validation for data chunks 2024-08-06 23:32:06 +02:00
sctp_indata.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_input.c sctp, tcp, udp: improve deferred computation of checksums 2025-10-23 08:10:56 +02:00
sctp_input.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_kdtrace.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
sctp_kdtrace.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_lock_bsd.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_module.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
sctp_os.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_os_bsd.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_output.c sctp: improve debug output 2024-10-31 12:41:06 +01:00
sctp_output.h sctp: improve sending of packets containing an INIT ACK chunk 2024-04-17 15:47:17 +02:00
sctp_pcb.c sctp: compute address flags only for IPv6 addresses 2025-07-09 10:05:41 +02:00
sctp_pcb.h sctp: improve handling of address changes 2024-11-06 10:12:28 +01:00
sctp_peeloff.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_peeloff.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_ss_functions.c sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_structs.h sctp: cleanup handling of graceful shutdown of the peer 2023-08-19 12:35:49 +02:00
sctp_syscalls.c sctp: propagate cap rights on sctp_peeloff 2024-10-17 12:29:21 -04:00
sctp_sysctl.c sctp: don't report unusable addresses via sysctl interface 2025-07-09 10:05:41 +02:00
sctp_sysctl.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_timer.c sctp: cleanup 2023-09-15 19:30:51 +02:00
sctp_timer.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_uio.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctp_usrreq.c netinet: Fix getcred sysctl handlers to do nothing if no input is given 2025-04-06 13:54:03 +00:00
sctp_var.h sctp: cleanup cdefs.h include 2023-08-18 15:25:34 +02:00
sctputil.c sctp: improve heartbeat timer computation 2024-08-04 00:27:53 +02:00
sctputil.h sctp: make sure all SCTP RESET notifications use sctp_ulp_notify() 2023-09-15 19:38:29 +02:00
siftr.c siftr: refactor batch log processing 2026-02-18 13:09:31 +01:00
tcp.h tcp: Add a new kernel-only TCP_USE_DDP socket option 2024-04-12 12:25:11 -07:00
tcp_accounting.h Move access to tcp's t_logstate into inline functions and provide new tracepoint and bbpoint capabilities. 2023-03-16 11:43:16 -04:00
tcp_ecn.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
tcp_ecn.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
tcp_fastopen.c tcp_fastopen: Fix a typo in a source code comment 2024-01-25 07:44:39 +01:00
tcp_fastopen.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
tcp_fsm.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
tcp_hostcache.c tcp: Add CTLFLAG_VNET flag to some sysctls 2026-01-20 09:51:37 +01:00
tcp_hpts.c tcp: Fix wrap around comparison bug 2026-01-20 09:58:04 +01:00
tcp_hpts.h tcp: improve variable and constant names 2026-01-20 09:57:26 +01:00
tcp_input.c tcp: fix the test that a duplicate ACK has no data 2026-01-20 10:02:54 +01:00
tcp_log_buf.c tcp: remove duplicate tcp_bblogging_on checks 2026-01-20 09:44:26 +01:00
tcp_log_buf.h tcp: remove duplicate tcp_bblogging_on checks 2026-01-20 09:44:26 +01:00
tcp_lro.c tcp lro: use the flowid only when it has hash properties 2026-01-20 10:03:43 +01:00
tcp_lro.h tcp: make tcp_lro_flush() static 2024-10-31 12:20:35 +01:00
tcp_lro_hpts.c tcp: define tcp_lro_log() only when TCP_BLACKBOX is defined 2025-02-05 08:17:23 +01:00
tcp_offload.c tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
tcp_offload.h tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
tcp_output.c tcp: ensure SACK rxmit never ends up left of its hole 2026-01-20 10:04:11 +01:00
tcp_pcap.c sys: Style fix for M_EXT | M_EXTPG 2024-01-18 14:35:14 -08:00
tcp_pcap.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00
tcp_ratelimit.c tcp_ratelimit: Use static initializers 2025-03-13 18:13:51 +08:00
tcp_ratelimit.h tcp: Silence a -Wunused-function warning in tcp_ratelimit.h 2024-02-18 15:26:28 +01:00
tcp_reass.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
tcp_sack.c tcp sack: improve computation of delivered_data 2026-01-20 10:04:52 +01:00
tcp_seq.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
tcp_stats.c sys: Remove $FreeBSD$: one-line .c pattern 2023-08-16 11:54:36 -06:00
tcp_subr.c tcp: plug an mbuf leak 2026-03-26 08:04:46 +01:00
tcp_syncache.c tcp: remove stray ; 2026-01-20 10:15:58 +01:00
tcp_syncache.h tcp: apply rate limits to challenge ACKs 2026-01-20 10:09:14 +01:00
tcp_timer.c tcp: save progress timeout cause in connection end status 2026-01-20 10:16:32 +01:00
tcp_timer.h tcp: remove TCPTV_TWTRUNC 2025-09-08 10:33:58 +02:00
tcp_timewait.c tcp: use 0 as the value being ignored 2025-09-08 10:29:27 +02:00
tcp_usrreq.c ddb: use %b when showing flags for a tcpcb 2026-01-20 09:41:16 +01:00
tcp_var.h tcp: refactor tcp_send_challenge_ack() 2026-01-20 10:06:36 +01:00
tcpip.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
toecore.c tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
toecore.h tcp_fill_info(): Change lock assertion on INPCB to locked only 2023-08-22 20:33:49 +02:00
udp.h sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
udp_usrreq.c udp: honor IPV6_TCLASS cmsg for UDP/IPv4 packets 2026-01-20 09:41:00 +01:00
udp_var.h UDP-Lite: export pcblist via sysctl interface 2026-01-20 09:40:44 +01:00
udplite.h sys: Remove $FreeBSD$: two-line .h pattern 2023-08-16 11:54:11 -06:00