OpenBSD cvs log

created 2018-11-30T01:23:29Z
begin 2018-08-07T00:00:00Z
end 2018-08-08T00:00:00Z
path src/sys
commits 3

date 2018-08-07T12:38:15Z
author visa
files src/sys/kern/kern_event.c
message Fix dangling knote references.

kqueue_close() does not take into account that the kqueue instance may
have queued knotes. This can cause a use-after-free if new knotes are
enqueued on the kqueue as a result of file closing.

Correct the error by dequeueing each knote before freeing it.
Since r1.93 of kern_event.c, each kqueue instance has its knotes
in nonshared lists kq_knhash and kq_knlist, so kqueue_close() does
not have to skip other kqueues' knotes any longer. The code can be
simplified by using knote_remove() for clearing the knote lists.
The function uses knote_drop() which takes care of knote dequeueing.

Found and initial analysis by anton@
OK anton@, mpi@

date 2018-08-07T15:07:54Z
author deraadt
files src/sys/kern/kern_unveil.c
message UNVEIL_* flags defined elsewhere in a .h file

date 2018-08-07T18:13:14Z
author stsp
files src/sys/net80211/ieee80211_input.c
src/sys/net80211/ieee80211_node.c
src/sys/net80211/ieee80211_node.h
message Ignore basic MCS set information found in association responses.

Some APs (Aruba 105) send a bogus basic MCS set in assoc responses
which prevents us from enabling 11n support with those APs, while
these APs still behave as if we were an 11n client which renders
the association unusable.

The basic MCS set is already provided in beacons anyway, and the
802.11 2012 standard says the basic MCS set is reserved in frames
other than beacons (see Table 8-130).

ok mpi@