From owner-svn-src-head@freebsd.org  Sun May  6 19:55:21 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 25DDBFC4A02;
 Sun,  6 May 2018 19:55:21 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from drew.franken.de (mail-n.franken.de [193.175.24.27])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.franken.de",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id BC86B6DC95;
 Sun,  6 May 2018 19:55:20 +0000 (UTC)
 (envelope-from tuexen@freebsd.org)
Received: from [192.168.1.131] (p57BB4F6D.dip0.t-ipconnect.de [87.187.79.109])
 (Authenticated sender: macmic)
 by mail-n.franken.de (Postfix) with ESMTPSA id A9527721E280C;
 Sun,  6 May 2018 21:55:11 +0200 (CEST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
Subject: Re: svn commit: r333304 - head/sys/netinet
From: Michael Tuexen <tuexen@freebsd.org>
In-Reply-To: <CAG6CVpWM2zA4NbvPmCHJ4Q7VBG2eVErwvZVXenNyu1CLWPYRag@mail.gmail.com>
Date: Sun, 6 May 2018 21:55:10 +0200
Cc: src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <30787D45-D97E-4AB0-9EA5-E2B003796D9B@freebsd.org>
References: <201805061419.w46EJpj3094778@repo.freebsd.org>
 <CAG6CVpWM2zA4NbvPmCHJ4Q7VBG2eVErwvZVXenNyu1CLWPYRag@mail.gmail.com>
To: cem@freebsd.org
X-Mailer: Apple Mail (2.3445.6.18)
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 May 2018 19:55:21 -0000

> On 6. May 2018, at 19:09, Conrad Meyer <cem@FreeBSD.org> wrote:
>=20
> FYI, Coverity can detect this kind of issue scanning the kernel (not
> just usrsctp).  It was detected as CID 1385266 on FreeBSD's Coverity
> Scan.
That is correct. I just had problems in getting access to the FreeBSD
page, so I didn't know the number. This has now been resolved.

Best regards
Michael
>=20
> Best,
> Conrad
>=20
> On Sun, May 6, 2018 at 7:19 AM, Michael Tuexen <tuexen@freebsd.org> =
wrote:
>> Author: tuexen
>> Date: Sun May  6 14:19:50 2018
>> New Revision: 333304
>> URL: https://svnweb.freebsd.org/changeset/base/333304
>>=20
>> Log:
>>  Ensure we are not dereferencing a NULL pointer.
>>=20
>>  This was found by Coverity scanning the usrsctp stack (CID 203808).
>>=20
>>  MFC after:    3 days
>>=20
>> Modified:
>>  head/sys/netinet/sctp_indata.c
>>=20
>> Modified: head/sys/netinet/sctp_indata.c
>> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
>> --- head/sys/netinet/sctp_indata.c      Sun May  6 13:59:56 2018      =
  (r333303)
>> +++ head/sys/netinet/sctp_indata.c      Sun May  6 14:19:50 2018      =
  (r333304)
>> @@ -3621,7 +3621,9 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb =
*stcb, stru
>>                                                    =
SCTP_SO_NOT_LOCKED);
>>                                        }
>>                                        /* Make sure to flag we had a =
FR */
>> -                                       tp1->whoTo->net_ack++;
>> +                                       if (tp1->whoTo !=3D NULL) {
>> +                                               =
tp1->whoTo->net_ack++;
>> +                                       }
>>                                        continue;
>>                                }
>>                        }
>>=20