Date: Tue, 14 May 2024 20:38:58 GMT From: Marko Zec <zec@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 0418d7a09037 - stable/14 - fib_dxr: set fib_data field in struct dxr_aux early enough Message-ID: <202405142038.44EKcwkQ092523@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/14 has been updated by zec: URL: https://cgit.FreeBSD.org/src/commit/?id=0418d7a0903725ade71ae77c4ff900010a93a185 commit 0418d7a0903725ade71ae77c4ff900010a93a185 Author: Marko Zec <zec@FreeBSD.org> AuthorDate: 2024-05-07 15:44:09 +0000 Commit: Marko Zec <zec@FreeBSD.org> CommitDate: 2024-05-14 20:32:41 +0000 fib_dxr: set fib_data field in struct dxr_aux early enough Previously it was possible for dxr_build() to return with da->fd unset in case of range_tbl or x_tbl malloc() failures. This may have led to NULL ptr dereferencing in dxr_change_rib_batch(). MFC after: 1 week PR: 278422 --- sys/netinet/in_fib_dxr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c index 91f3bafdb47d..82245ecf6e66 100644 --- a/sys/netinet/in_fib_dxr.c +++ b/sys/netinet/in_fib_dxr.c @@ -882,6 +882,7 @@ dxr_build(struct dxr *dxr) } dxr->aux = da; da->fibnum = dxr->fibnum; + da->fd = dxr->fd; da->refcnt = 1; LIST_INIT(&da->all_chunks); LIST_INIT(&da->all_trie); @@ -918,7 +919,6 @@ dxr_build(struct dxr *dxr) trie_rebuild = 1; } #endif - da->fd = dxr->fd; microuptime(&t0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405142038.44EKcwkQ092523>