Date: Mon, 31 Jan 2005 13:14:05 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: current@freebsd.org
Subject: Re: OpenBSD's tcpdrop(8)
Message-ID: <Pine.NEB.3.96L.1050131131132.35704E-100000@fledge.watson.org>
In-Reply-To: <20050131160414.S6885@mp2.macomnet.net>

On Mon, 31 Jan 2005, Maxim Konovalov wrote:

> > The locking in the 6.x version looked reasonable, although you need to
> > check to see if the (tp) returned by tcp_drop() is NULL or not and then
> > conditionally unlock the inpcb if it's non-NULL -- otherwise you might
> > unlock a free'd inpcb. There doesn't seem to be much validation of the
> > tcp_ident_mapping structure, such as validation that the address lengths,
> > etc, are correct?
>
> I've updated the diff for HEAD. How does it look now? TIA!

The locking needs slightly more tweaking -- note that you still need to
unlock (inp) if (tp = intotcpcb(inp)) returns NULL, and right now that
won't happen. The "check tp for NULL" unlock case should only occur if
you call tcp_drop(). Perhaps something like this:

	INP_LOCK(inp);
	if ((tp = intotcpcb(inp)) &&
	    ((inp->inp_socket->so_options & SO_ACCEPTCONN) == 0)) {
		tp = tcp_drop(tp, ECONNABORTED);
		if (tp != NULL)
			INP_UNLOCK(inp);
	} else
		INP_UNLOCK(inp);

Robert N M Watson
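
Added example, not part of the original message or of the FreeBSD patch: a userspace model of the lock discipline discussed above, comparing the suggested pattern with two flawed forms constructed here from the failure modes the mail describes (unlocking after tcp_drop() has released the inpcb, and skipping the unlock when nothing is dropped). All types, helpers and the variant names are stand-ins and assumptions, not kernel code.

```c
#include <stdio.h>

/* Userspace model: these types and helpers are stand-ins, not FreeBSD code. */
struct tcpcb { int unused; };
struct inpcb { int locked, freed, listening; struct tcpcb *tp; };
enum variant { SUGGESTED, ALWAYS_UNLOCK, NO_ELSE };  /* last two: constructed flawed forms */
static int bad_unlocks;                 /* unlocks attempted on a released inpcb */

static void inp_lock(struct inpcb *inp) { inp->locked = 1; }
static void inp_unlock(struct inpcb *inp)
{
    if (inp->freed) bad_unlocks++;      /* in the kernel this would touch freed memory */
    else inp->locked = 0;
}

/* Models tcp_drop(): returns NULL when the drop also released the inpcb. */
static struct tcpcb *model_tcp_drop(struct inpcb *inp, int releases)
{
    if (releases) { inp->freed = 1; return NULL; }
    return inp->tp;
}

static void drop(struct inpcb *inp, int releases, enum variant v)
{
    struct tcpcb *tp;
    inp_lock(inp);
    if ((tp = inp->tp) != NULL && !inp->listening) {
        tp = model_tcp_drop(inp, releases);
        if (tp != NULL || v == ALWAYS_UNLOCK)   /* SUGGESTED: only if tp survived */
            inp_unlock(inp);
    } else if (v != NO_ELSE)                    /* SUGGESTED: unlock when nothing dropped */
        inp_unlock(inp);
}

/* Returns 0 = consistent, 1 = unlock after release, 2 = lock left held. */
int run_case(enum variant v, int has_tp, int listening, int releases)
{
    struct tcpcb tcb = { 0 };
    struct inpcb inp = { 0, 0, listening, has_tp ? &tcb : NULL };
    bad_unlocks = 0;
    drop(&inp, releases, v);
    if (bad_unlocks) return 1;
    return (!inp.freed && inp.locked) ? 2 : 0;
}

int main(void)
{
    printf("suggested=%d always_unlock=%d no_else=%d\n", run_case(SUGGESTED, 1, 0, 1),
           run_case(ALWAYS_UNLOCK, 1, 0, 1), run_case(NO_ELSE, 0, 0, 0));
    return 0;
}
```

Here has_tp=0 stands for intotcpcb() returning NULL and listening=1 for a socket with SO_ACCEPTCONN set.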