Date: Mon, 12 Mar 2012 21:34:10 +0000 (UTC) From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r232900 - stable/9/sys/netinet Message-ID: <201203122134.q2CLYAUX088105@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tuexen Date: Mon Mar 12 21:34:10 2012 New Revision: 232900 URL: http://svn.freebsd.org/changeset/base/232900 Log: MFC r232723,r232726: Fix a bug reported by Peter Holm which results in a crash: Verify in sctp_peeloff() that the socket is a one-to-many style SCTP socket. Modified: stable/9/sys/netinet/sctp_peeloff.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/netinet/sctp_peeloff.c ============================================================================== --- stable/9/sys/netinet/sctp_peeloff.c Mon Mar 12 21:32:43 2012 (r232899) +++ stable/9/sys/netinet/sctp_peeloff.c Mon Mar 12 21:34:10 2012 (r232900) @@ -55,9 +55,18 @@ sctp_can_peel_off(struct socket *head, s struct sctp_tcb *stcb; uint32_t state; + if (head == NULL) { + SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EBADF); + return (EBADF); + } + if ((head->so_proto->pr_protocol != IPPROTO_SCTP) || + (head->so_type != SOCK_SEQPACKET)) { + SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP); + return (EOPNOTSUPP); + } inp = (struct sctp_inpcb *)head->so_pcb; if (inp == NULL) { - SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT); + SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT); return (EFAULT); } stcb = sctp_findassociation_ep_asocid(inp, assoc_id, 1);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203122134.q2CLYAUX088105>