Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Mar 2012 14:08:41 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Michael Tuexen <tuexen@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r232723 - head/sys/netinet
Message-ID:  <6E2D25B4-B9BC-4D51-98BF-FDE1EDDED7CB@lists.zabbadoz.net>
In-Reply-To: <201203091312.q29DCXLJ008313@svn.freebsd.org>
References:  <201203091312.q29DCXLJ008313@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

On 9. Mar 2012, at 13:12 , Michael Tuexen wrote:

> Author: tuexen
> Date: Fri Mar  9 13:12:33 2012
> New Revision: 232723
> URL: http://svn.freebsd.org/changeset/base/232723
>=20
> Log:
>  Fix a bug reported by Peter Holm which results in a crash:
>  Verify in sctp_peeloff() that the socket is a one-to-many
>  style SCTP socket.

/scratch/tmp/bz/head.svn/sys/netinet/sctp_peeloff.c: In function =
'sctp_can_peel_off':
/scratch/tmp/bz/head.svn/sys/netinet/sctp_peeloff.c:59: warning: 'inp' =
is used uninitialized in this function


>=20
>  MFC after: 3 days.
>=20
> Modified:
>  head/sys/netinet/sctp_peeloff.c
>=20
> Modified: head/sys/netinet/sctp_peeloff.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/sys/netinet/sctp_peeloff.c	Fri Mar  9 13:06:24 2012	=
(r232722)
> +++ head/sys/netinet/sctp_peeloff.c	Fri Mar  9 13:12:33 2012	=
(r232723)
> @@ -55,6 +55,15 @@ sctp_can_peel_off(struct socket *head, s
> 	struct sctp_tcb *stcb;
> 	uint32_t state;
>=20
> +	if (head =3D=3D NULL) {
> +		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, =
SCTP_FROM_SCTP_PEELOFF, EBADF);
> +		return (EBADF);
> +	}
> +	if ((head->so_proto->pr_protocol !=3D IPPROTO_SCTP) ||
> +	    (head->so_type !=3D SOCK_SEQPACKET)) {
> +		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, =
SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP);
> +		return (EOPNOTSUPP);
> +	}
> 	inp =3D (struct sctp_inpcb *)head->so_pcb;
> 	if (inp =3D=3D NULL) {
> 		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, =
SCTP_FROM_SCTP_PEELOFF, EFAULT);

--=20
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6E2D25B4-B9BC-4D51-98BF-FDE1EDDED7CB>