Fix a logic error in uipc_ready_scan().

When processing the last record in a socket buffer, take care to avoid a NULL pointer dereference when advancing the record iterator. Reported by: syzbot+6a689cc9c27bd265237a@syzkaller.appspotmail.com Fixes: r359778 MFC after: 1 week Sponsored by: The FreeBSD Foundation
svn path=/head/; revision=363682
2020-07-30 00:52:37 +00:00 · 2020-07-30 00:52:37 +00:00 · 1b778ba260 · 2020-12-20 02:59:44 +00:00
commit 1b778ba260
parent d2090a40d0
1 changed files with 2 additions and 1 deletions
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@ -1279,7 +1279,8 @@ uipc_ready_scan(struct socket *so, struct mbuf *m, int count, int *errorp)
 			mb = mb->m_next;
 			if (mb == NULL) {
 				mb = n;
-				n = mb->m_nextpkt;
+				if (mb != NULL)
+					n = mb->m_nextpkt;
 			}
 		}
 	}