Date: Fri, 03 Aug 2001 22:34:04 +0100 From: Ian Dowse <iedowse@maths.tcd.ie> To: "Daniel C. Sobral" <dcs@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_output.c Message-ID: <200108032234.aa06871@salmon.maths.tcd.ie> In-Reply-To: Your message of "Fri, 03 Aug 2001 10:36:07 PDT." <200108031736.f73Ha7Q52998@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200108031736.f73Ha7Q52998@freefall.freebsd.org>, "Daniel C. Sobral"
writes:
> MFS: Avoid dropping fragments in the absence of an interface address.
>
> Noticed by: fenner
> Submitted by: iedowse
> Not committed to current by: iedowse ;-)
Hey, that's a little unfair :-) I was fixing a real problem in
ip_input just before 4.3-RELEASE, where `ia' wasn't always initialised
before being dereferenced. As I didn't analyse every possible code
path to ip_output, I added some sanity checks to catch the case of
`ia' being NULL even though this "couldn't happen" according to
the surrounding code. It seems that those cases really cannot
happen, so the sanity checks are never triggered.
Since then however, revision 1.29 introduced a case where ia could
become NULL, and revision 1.131 "fixed" this case by completely
dropping the fragment if ia is NULL. This revision (1.132) backs
out part of 1.131:
1.31:
- if (error == 0) {
+ if (error == 0 && ia) {
...
error = (*ifp->if_output)(ifp, m, ...
} else
m_freem(m);
1.32:
- if (error == 0 && ia) {
+ if (error == 0) {
...
error = (*ifp->if_output)(ifp, m, ...
} else
m_freem(m);
and it adds a (now necessary) test that just happens to result in
similar code to that in -stable; however it is avoiding a case that
can happen instead of one that can't.
Ian
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi? <200108032234.aa06871>