Date:      Mon, 12 Mar 2012 21:52:32 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
Subject:   svn commit: r232902 - in stable/8/sys: i386/conf netinet
Message-ID:  <201203122152.q2CLqWJ9088720@svn.freebsd.org>

Author: tuexen
Date: Mon Mar 12 21:52:31 2012
New Revision: 232902
URL: http://svn.freebsd.org/changeset/base/232902

Log:
  MFC r232723,r232726:
  Fix a bug reported by Peter Holm which results in a crash:
  Verify in sctp_peeloff() that the socket is a one-to-many
  style SCTP socket.

Modified:
  stable/8/sys/netinet/sctp_peeloff.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/boot/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/e1000/   (props changed)
  stable/8/sys/i386/conf/XENHVM   (props changed)

Modified: stable/8/sys/netinet/sctp_peeloff.c
==============================================================================
--- stable/8/sys/netinet/sctp_peeloff.c	Mon Mar 12 21:41:29 2012	(r232901)
+++ stable/8/sys/netinet/sctp_peeloff.c	Mon Mar 12 21:52:31 2012	(r232902)
@@ -55,9 +55,18 @@ sctp_can_peel_off(struct socket *head, s
 	struct sctp_tcb *stcb;
 	uint32_t state;
 
+	if (head == NULL) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EBADF);
+		return (EBADF);
+	}
+	if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
+	    (head->so_type != SOCK_SEQPACKET)) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP);
+		return (EOPNOTSUPP);
+	}
 	inp = (struct sctp_inpcb *)head->so_pcb;
 	if (inp == NULL) {
-		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
 		return (EFAULT);
 	}
 	stcb = sctp_findassociation_ep_asocid(inp, assoc_id, 1);
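Review bot: The added protocol/type check in sctp_can_peel_off() carries no comment saying that it exists to protect the cast `inp = (struct sctp_inpcb *)head->so_pcb;` directly below it, so a later reorder or cleanup could silently reintroduce the crash when a non-SCTP socket is passed in. I would add above the second `if`: `/* so_pcb is a struct sctp_inpcb only on SCTP sockets, and peel-off applies only to one-to-many (SOCK_SEQPACKET) ones; check before the cast. */`. The log names sctp_peeloff() while this hunk only touches sctp_can_peel_off(); if other functions in this file cast so_pcb of a caller-supplied socket (not visible here), they presumably need the same guard and that is worth confirming. The function body starts before and continues past the hunk.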


