The branch main has been updated by glebius:
URL:
https://cgit.FreeBSD.org/src/commit/?id=c56e75390e33d31f4e3d1d9d8725b3c293e2feba
commit c56e75390e33d31f4e3d1d9d8725b3c293e2feba
Author: Gleb Smirnoff <gleb...@freebsd.org>
AuthorDate: 2025-03-13 16:53:40 +0000
Commit: Gleb Smirnoff <gleb...@freebsd.org>
CommitDate: 2025-03-13 16:53:40 +0000
inpcb: make sure we don't pass uninitialized faddr to in_pcbladdr()
This very theoretical edge case was discovered by Coverity, not sure if
it was introduced by 2af953b132ee or was there before.
CID: 1593695
Fixes: 2af953b132ee8d2eb4d8d7bb15fc38bf04dde348
---
sys/netinet/in_pcb.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index a14792649519..9a49353f1538 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1115,14 +1115,13 @@ in_pcbconnect(struct inpcb *inp, struct sockaddr_in
*sin, struct ucred *cred)
IA_SIN(CK_STAILQ_FIRST(&V_in_ifaddrhead))->sin_addr;
if ((error = prison_get_ip4(cred, &faddr)) != 0)
return (error);
- } else if (sin->sin_addr.s_addr == INADDR_BROADCAST) {
- if (CK_STAILQ_FIRST(&V_in_ifaddrhead)->ia_ifp->if_flags
- & IFF_BROADCAST)
- faddr = satosin(&CK_STAILQ_FIRST(
- &V_in_ifaddrhead)->ia_broadaddr)->sin_addr;
- else
- faddr = sin->sin_addr;
- }
+ } else if (sin->sin_addr.s_addr == INADDR_BROADCAST &&
+ CK_STAILQ_FIRST(&V_in_ifaddrhead)->ia_ifp->if_flags
+ & IFF_BROADCAST) {
+ faddr = satosin(&CK_STAILQ_FIRST(
+ &V_in_ifaddrhead)->ia_broadaddr)->sin_addr;
+ } else
+ faddr = sin->sin_addr;
} else
faddr = sin->sin_addr;
