On 9. Mar 2012, at 13:12 , Michael Tuexen wrote:
> Author: tuexen
> Date: Fri Mar 9 13:12:33 2012
> New Revision: 232723
> URL: http://svn.freebsd.org/changeset/base/232723
>
> Log:
> Fix a bug reported by Peter Holm which results in a crash:
> Verify in sctp_peeloff() that the socket is a one-to-many
> style SCTP socket.
/scratch/tmp/bz/head.svn/sys/netinet/sctp_peeloff.c: In function
'sctp_can_peel_off':
/scratch/tmp/bz/head.svn/sys/netinet/sctp_peeloff.c:59: warning: 'inp' is used
uninitialized in this function
>
> MFC after: 3 days.
>
> Modified:
> head/sys/netinet/sctp_peeloff.c
>
> Modified: head/sys/netinet/sctp_peeloff.c
> ==============================================================================
> --- head/sys/netinet/sctp_peeloff.c Fri Mar 9 13:06:24 2012
> (r232722)
> +++ head/sys/netinet/sctp_peeloff.c Fri Mar 9 13:12:33 2012
> (r232723)
> @@ -55,6 +55,15 @@ sctp_can_peel_off(struct socket *head, s
> struct sctp_tcb *stcb;
> uint32_t state;
>
> + if (head == NULL) {
> + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
> EBADF);
> + return (EBADF);
> + }
> + if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
> + (head->so_type != SOCK_SEQPACKET)) {
> + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
> EOPNOTSUPP);
> + return (EOPNOTSUPP);
> + }
> inp = (struct sctp_inpcb *)head->so_pcb;
> if (inp == NULL) {
> SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF,
> EFAULT);
--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
