From: Robert Watson
Date: Thu, 23 Apr 2009 17:47:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject: svn commit: r191434 - stable/7/sys/net

Author: rwatson
Date: Thu Apr 23 17:47:15 2009
New Revision: 191434
URL: http://svn.freebsd.org/changeset/base/191434

Log:
  In sysctl_ifdata(), query the ifnet pointer using the index only once, rather than querying it, validating it, and then re-querying it without validating it. This may avoid a NULL pointer dereference and resulting kernel page fault if an interface is being deleted while bsnmp or other tools are querying data on the interface.

  The full fix, to properly refcount the interface for the duration of the sysctl, is in 8.x, but is considered too high-risk for 7.2, so instead will appear in 7.3 (if all goes well).

  Reported by: mdtancsa
  Approved by: re (kensmith)

Modified:
  stable/7/sys/net/if_mib.c

Modified: stable/7/sys/net/if_mib.c ============================================================================== --- stable/7/sys/net/if_mib.c Thu Apr 23 17:41:54 2009 (r191433) +++ stable/7/sys/net/if_mib.c Thu Apr 23 17:47:15 2009 (r191434) @@ -82,11 +82,9 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX return EINVAL; if (name[0] <= 0 || name[0] > if_index || - ifnet_byindex(name[0]) == NULL) + (ifp = ifnet_byindex(name[0])) == NULL) return ENOENT; - ifp = ifnet_byindex(name[0]); - switch(name[1]) { default: return ENOENT;
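Review bot: The ifp assigned in the new condition, (ifp = ifnet_byindex(name[0])) == NULL, is still carried into switch(name[1]) with no reference or lock taken anywhere in the hunk, so the single lookup removes the check-then-refetch NULL case but not the window in which the interface is deleted after the check. The log says the refcounting fix is deferred to 7.3; a short XXX comment at the lookup saying that ifp is unreferenced for the rest of the handler would keep that limitation visible in if_mib.c itself and flag the spot to revisit when the 8.x change is merged. It would also be worth stating in the log whether the range test on name[0] against if_index is still needed once the result of ifnet_byindex() is checked directly, since both now guard the same pointer.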