Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Mar 2012 16:42:40 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org
Subject:   svn commit: r232928 - in releng/8.3/sys: i386/conf netinet
Message-ID:  <201203131642.q2DGgen8053199@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Tue Mar 13 16:42:39 2012
New Revision: 232928
URL: http://svn.freebsd.org/changeset/base/232928

Log:
  MFC r232723, r232726:
  Fix a bug reported by Peter Holm which results in a crash:
  Verify in sctp_peeloff() that the socket is a one-to-many
  style SCTP socket.
  
  Approved by: re@

Modified:
  releng/8.3/sys/netinet/sctp_peeloff.c
Directory Properties:
  releng/8.3/sys/   (props changed)
  releng/8.3/sys/amd64/include/xen/   (props changed)
  releng/8.3/sys/boot/   (props changed)
  releng/8.3/sys/cddl/contrib/opensolaris/   (props changed)
  releng/8.3/sys/contrib/dev/acpica/   (props changed)
  releng/8.3/sys/contrib/pf/   (props changed)
  releng/8.3/sys/dev/e1000/   (props changed)
  releng/8.3/sys/i386/conf/XENHVM   (props changed)

Modified: releng/8.3/sys/netinet/sctp_peeloff.c
==============================================================================
--- releng/8.3/sys/netinet/sctp_peeloff.c	Tue Mar 13 15:21:14 2012	(r232927)
+++ releng/8.3/sys/netinet/sctp_peeloff.c	Tue Mar 13 16:42:39 2012	(r232928)
@@ -55,9 +55,18 @@ sctp_can_peel_off(struct socket *head, s
 	struct sctp_tcb *stcb;
 	uint32_t state;
 
+	if (head == NULL) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EBADF);
+		return (EBADF);
+	}
+	if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
+	    (head->so_type != SOCK_SEQPACKET)) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP);
+		return (EOPNOTSUPP);
+	}
 	inp = (struct sctp_inpcb *)head->so_pcb;
 	if (inp == NULL) {
-		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
 		return (EFAULT);
 	}
 	stcb = sctp_findassociation_ep_asocid(inp, assoc_id, 1);

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203131642.q2DGgen8053199>