Message-Id: <6.1.0.6.1.20040504133711.03d1ce18@popserver.sfu.ca>
Date: Tue, 04 May 2004 13:42:20 +0100
To: freebsd-net@freebsd.org
From: Colin Percival
Subject: [patch] Verify that ifaddr_byindex(foo) != NULL

Could someone confirm for me that this looks sensible? I don't know anything about this code, but if we're going to check that 0 < ifp->if_index <= if_index, it seems that we should also be checking that ifp->if_index corresponds to an interface which still exists (rather than a gap left behind when an interface was removed).

Colin Percival

Index: src/sys/netinet/ip_input.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/ip_input.c,v retrieving revision 1.270 diff -u -p -r1.270 ip_input.c --- src/sys/netinet/ip_input.c 2 May 2004 15:10:16 -0000 1.270 +++ src/sys/netinet/ip_input.c 4 May 2004 12:37:02 -0000 @@ -2053,7 +2053,8 @@ ip_savecontrol(inp, mp, ip, m) struct sockaddr_dl *sdl2 = &sdlbuf.sdl; if (((ifp = m->m_pkthdr.rcvif)) - && ( ifp->if_index && (ifp->if_index <= if_index))) { + && ( ifp->if_index && (ifp->if_index <= if_index)) && + (ifaddr_byindex(ifp->if_index) != NULL)) { sdp = (struct sockaddr_dl *) (ifaddr_byindex(ifp->if_index)->ifa_addr); /*
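
Review bot: in the ip_savecontrol() hunk the new condition calls ifaddr_byindex(ifp->if_index) for the NULL test, and the unchanged body line then calls it a second time to read ->ifa_addr, so the pointer that was tested is not the pointer that is dereferenced. Assign the result to a local once, test that local against NULL, and take ->ifa_addr from it; that keeps the check and the use tied to the same value even if the entry for that index changes between the two lookups. A short comment saying the test covers an index left vacant by a removed interface would document why the range check alone is not sufficient. Minor style point: the existing continuation line starts with "&&" while the added lines end with "&&"; keep one placement.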