From: Bruce M Simpson
Date: Sat, 12 Sep 2009 19:45:55 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r197132 - head/sys/netinet

Author: bms
Date: Sat Sep 12 19:45:55 2009
New Revision: 197132
URL: http://svn.freebsd.org/changeset/base/197132

Log:
  Tighten input checking in inp_join_group():
   * Don't try to use the source address, when its family is unspecified.
   * If we get a join without a source, on an existing inclusive
     mode group, this is an error, as it would change the filter mode.

  Fix a problem with the handling of in_mfilter for new memberships:
   * Do not rely on imf being NULL; it is explicitly initialized to a
     non-NULL pointer when constructing a membership.
   * Explicitly initialize *imf to EX mode when the source address
     is unspecified.

  This fixes a problem with in_mfilter slot recycling in the join path.

  PR: 138690
  Submitted by: Stef Walter
  MFC after: 5 days

Modified:
  head/sys/netinet/in_mcast.c

Modified: head/sys/netinet/in_mcast.c
==============================================================================
--- head/sys/netinet/in_mcast.c Sat Sep 12 19:27:54 2009 (r197131) +++ head/sys/netinet/in_mcast.c Sat Sep 12 19:45:55 2009 (r197132) 
@@ -1957,11 +1957,6 @@ inp_join_group(struct inpcb *inp, struct if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) return (EADDRNOTAVAIL); - /* - * MCAST_JOIN_SOURCE on an exclusive membership is an error. - * On an existing inclusive membership, it just adds the - * source to the filter list. - */ imo = inp_findmoptions(inp); idx = imo_match_group(imo, ifp, &gsa->sa); if (idx == -1) { @@ -1969,15 +1964,33 @@ inp_join_group(struct inpcb *inp, struct } else { inm = imo->imo_membership[idx]; imf = &imo->imo_mfilters[idx]; - if (ssa->ss.ss_family != AF_UNSPEC && - imf->imf_st[1] != MCAST_INCLUDE) { - error = EINVAL; - goto out_inp_locked; - } - lims = imo_match_source(imo, idx, &ssa->sa); - if (lims != NULL) { - error = EADDRNOTAVAIL; - goto out_inp_locked; + if (ssa->ss.ss_family != AF_UNSPEC) { + /* + * MCAST_JOIN_SOURCE on an exclusive membership + * is an error. On an existing inclusive membership, + * it just adds the source to the filter list. + */ + if (imf->imf_st[1] != MCAST_INCLUDE) { + error = EINVAL; + goto out_inp_locked; + } + /* Throw out duplicates. */ + lims = imo_match_source(imo, idx, &ssa->sa); + if (lims != NULL) { + error = EADDRNOTAVAIL; + goto out_inp_locked; + } + } else { + /* + * MCAST_JOIN_GROUP on an existing inclusive + * membership is an error; if you want to change + * filter mode, you must use the userland API + * setsourcefilter(). + */ + if (imf->imf_st[1] == MCAST_INCLUDE) { + error = EINVAL; + goto out_inp_locked; + } } } @@ -2010,7 +2023,8 @@ inp_join_group(struct inpcb *inp, struct /* * Graft new source into filter list for this inpcb's * membership of the group. The in_multi may not have - * been allocated yet if this is a new membership. + * been allocated yet if this is a new membership, however, + * the in_mfilter slot will be allocated and must be initialized. */ if (ssa->ss.ss_family != AF_UNSPEC) { /* Membership starts in IN mode */ 
@@ -2027,6 +2041,12 @@ inp_join_group(struct inpcb *inp, struct error = ENOMEM; goto out_imo_free; } + } else { + /* No address specified; Membership starts in EX mode */ + if (is_new) { + CTR1(KTR_IGMPV3, "%s: new join w/o source", __func__); + imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE); + } } /*
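Review bot: In the second hunk (@@ -1969,15 +1964,33 @@), the new else branch for a join without a source only rejects the case imf->imf_st[1] == MCAST_INCLUDE; when the existing membership is already in exclusive mode, control leaves the block with no error and continues into the rest of the join path. If a repeated MCAST_JOIN_GROUP for the same group and interface on this inpcb is meant to be accepted, a comment saying so would help; if it is not, this is the place to return an error for it, next to the EINVAL check.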
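Review bot: In the last hunk (@@ -2027,6 +2041,12 @@), the comment "No address specified; Membership starts in EX mode" sits above if (is_new), so it reads as if every source-less join sets the filter mode, while imf_init() runs only for a new membership. Moving the comment inside the is_new block, and noting there that the in_mfilter slot may be a recycled one (the case the log message describes), would make the intent clear. A short remark on the argument order of imf_init(imf, MCAST_UNDEFINED, MCAST_EXCLUDE) would also help, since the checks earlier in the function read imf->imf_st[1].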