Found Bugs
Newer bugs come first
- Fix udp_output() lock inconsistency.
- Fix IPV6_CHECKSUM computation.
- When sending a routing message, don’t allow the user to set the RTF_RNH_LOCKED flag in rtm_flags.
- Fix an SCTP related locking issue.
- Reinitialize multicast source filter structures after invalidation.
- Fix a small locking bug in tcp_log_id().
- Fix a double free of an SCTP association in an error path.
- Reject F_SETLK_REMOTE commands when sysid == 0.
- Initialize scheduler specific data for the FCFS scheduler.
- Improve locking when tearing down an SCTP association.
- Fix more signed/unsigned issues in SCTP.
- Fix a signed/unsigned bug when receiving SCTP messages.
- Limit the size of messages sent on 1-to-many style SCTP sockets with the SCTP_SENDALL flag.
- Limit the number of bytes which can be queued for SCTP sockets.
- Fix a KASSERT() in tcp_output().
- Disallow preemptive creation of wired superpage mappings.
- vm_fault_copy_entry: accept invalid source pages.
- Fix a bug in the SCTP stream schedulers.
- Allocate an association id and register the stcb with holding the lock.
- Allow SCTP stream reconfiguration operations only in ESTABLISHED state.
- Fix handling of the SCTP_STATUS socket option in early states.
- Honor the memory limits provided when processing the SCTP_GET_LOCAL_ADDRESSES socket option.
- Check the index hasn’t changed after writing the cmp entry.
- Improve input validation for raw IPv4 socket using the IP_HDRINCL option.
- Fix a locking issue in the IPPROTO_SCTP level SCTP_PEER_ADDR_THLDS socket.
- Fix a locking bug in the IPPROTO_SCTP level SCTP_EVENT socket option.
- Fix locking for IPPROTO_SCTP level SCTP_DEFAULT_PRINFO socket option.
- Fix an off-by-one error in the input validation of the SCTP_RESET_STREAMS socket option.
- Limit the user-controllable amount of memory the kernel allocates via IPPROTO_SCTP level socket options.
- Fix getsockopt() for IP_OPTIONS/IP_RETOPTS.
- Avoid overflow in vtruncbuf().
- Limit option_len for the TCP_CCALGOOPT.
- Correct vm_fault_copy_entry() handling of backing file truncation after the file mapping was wired.
- In vm_fault_copy_entry(), we should not assert that entry is charged if the dst_object is not of swap type.
- Handle a guest executing a vm instruction by trapping and raising an undefined instruction exception.
- Disallow clock_settime too far in the future to avoid panic.
- Fix parsing error when processing cmsg in SCTP send calls.
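Original link: https://github.com/google/syzkaller/blob/master/docs/freebsd/found_bugs.md
Topic selected by: jxlpzqc
This article will be translated by the HCTT translation team and is presented by the Huazhong University of Science and Technology OpenAtom Open Source Club.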