MFC r209624
* Do not dereference a NULL pointer when calling an SCTP send syscall not providing a destination address and using ktrace. * Do not copy out kernel memory when providing sinfo for sctp_recvmsg(). Both bugs where reported by Valentin Nechayev. The first bug results in a kernel panic. Approved by: re@
This commit is contained in:
parent
6543f92a8c
commit
2f9f22aec1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/releng/8.1/; revision=209711
@ -2413,7 +2413,7 @@ sctp_generic_sendmsg (td, uap)
|
||||
if (error)
|
||||
goto sctp_bad;
|
||||
#ifdef KTRACE
|
||||
if (KTRPOINT(td, KTR_STRUCT))
|
||||
if (to && (KTRPOINT(td, KTR_STRUCT)))
|
||||
ktrsockaddr(to);
|
||||
#endif
|
||||
|
||||
@ -2527,7 +2527,7 @@ sctp_generic_sendmsg_iov(td, uap)
|
||||
if (error)
|
||||
goto sctp_bad1;
|
||||
#ifdef KTRACE
|
||||
if (KTRPOINT(td, KTR_STRUCT))
|
||||
if (to && (KTRPOINT(td, KTR_STRUCT)))
|
||||
ktrsockaddr(to);
|
||||
#endif
|
||||
|
||||
@ -2681,6 +2681,7 @@ sctp_generic_recvmsg(td, uap)
|
||||
if (KTRPOINT(td, KTR_GENIO))
|
||||
ktruio = cloneuio(&auio);
|
||||
#endif /* KTRACE */
|
||||
memset(&sinfo, 0, sizeof(struct sctp_sndrcvinfo));
|
||||
CURVNET_SET(so->so_vnet);
|
||||
error = sctp_sorecvmsg(so, &auio, (struct mbuf **)NULL,
|
||||
fromsa, fromlen, &msg_flags,
|
||||
|
Loading…
Reference in New Issue
Block a user