Date:      Sat, 13 Sep 2003 15:34:52 -0700 (PDT)
From:      Bill Paul <wpaul@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/sys/netinet6 in6_ifattach.c
Message-ID:  <200309132234.h8DMYqPi072523@repoman.freebsd.org>

wpaul       2003/09/13 15:34:52 PDT

  FreeBSD src repository

  Modified files:
    sys/netinet6         in6_ifattach.c 
  Log:
  The in6_ifattach() routine contains the following code:
  
          in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
          in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);
  
  The problem here is that udbinfo.listhead and ripcbinfo.listhead are
  not initialized during the device probe/attach phase of the kernel
  boot process. So if, for example, a network driver calls ether_ifattach()
  in its foo_attach() routine and then decides that something is wrong
  and calls ether_ifdetach() to reverse the process, we will panic trying
  to dereference the uninitialized list head pointers. (Though the
  same sequence of events performed after the kernel has come up works
  fine, i.e. doing kldload if_foo from multiuser.)
  
  Change this to:
  
          if (udbinfo.listhead != NULL)
                  in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
          if (ripcbinfo.listhead != NULL)
                  in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);
  
  to avoid the NULL pointer dereferences.
  
  Revision  Changes    Path
  1.12      +4 -2      src/sys/netinet6/in6_ifattach.c
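
The failure mode and the guard described in the log above, as an added user-space example that is not part of the original commit or the FreeBSD source. The `model_*` functions, `struct pcb`, `udb_storage` and the integer interface index are assumptions made for illustration; only `udbinfo.listhead` and `LIST_FIRST` mirror names in the message.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified user-space model (constructed for illustration, not kernel code). */
struct pcb     { struct pcb *next; int ifindex; };
struct pcbhead { struct pcb *lh_first; };
struct pcbinfo { struct pcbhead *listhead; };   /* NULL until protocol init runs */

#define LIST_FIRST(head) ((head)->lh_first)     /* dereferences head itself */

static struct pcbhead udb_storage;
static struct pcbinfo udbinfo;                  /* zeroed, as during device probe */

/* Stand-in for protocol initialization, which happens after probe/attach. */
void model_udp_init(void) { udbinfo.listhead = &udb_storage; }

/* Hypothetical helper: create a PCB that references interface ifindex. */
int model_pcb_add(int ifindex)
{
    struct pcb *p;
    if (udbinfo.listhead == NULL || (p = malloc(sizeof(*p))) == NULL)
        return -1;
    p->ifindex = ifindex;
    p->next = LIST_FIRST(udbinfo.listhead);
    udbinfo.listhead->lh_first = p;
    return 0;
}

/* Model of the purge: drop each PCB's reference to the interface, return count. */
int model_pcbpurgeif0(struct pcb *first, int ifindex)
{
    int n = 0;
    for (struct pcb *p = first; p != NULL; p = p->next)
        if (p->ifindex == ifindex) { p->ifindex = 0; n++; }
    return n;
}

/* Detach path with the guard from the log message. */
int model_ifdetach(int ifindex)
{
    if (udbinfo.listhead == NULL)   /* without this, LIST_FIRST(NULL) faults */
        return 0;
    return model_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifindex);
}

int main(void)
{
    int early = model_ifdetach(1);  /* driver backs out before protocol init */
    model_udp_init();
    model_pcb_add(1); model_pcb_add(2); model_pcb_add(1);
    return (early == 0 && model_ifdetach(1) == 2) ? 0 : 1;
}
```
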


