d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent multicast code from panicing due to unprotected access to INADDR_HASH.

Browse Source 
PR:			220078
MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D12457
Tested-by:		Cassiano Peixoto and others
This commit is contained in:
Eugene Grosbein 2018-10-27 04:53:25 +00:00
parent 232485a17e
commit 4f1e3122ac
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=339807
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sys/netinet/in_mcast.c
View File

@ -1444,6 +1444,7 @@ static int
inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt)
{
struct group_source_req gsr;
struct rm_priotracker in_ifa_tracker;
sockunion_t *gsa, *ssa;
struct ifnet *ifp;
struct in_mfilter *imf;
@ -1481,9 +1482,11 @@ inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt)
ssa->sin.sin_len = sizeof(struct sockaddr_in);
ssa->sin.sin_addr = mreqs.imr_sourceaddr;
if (!in_nullhost(mreqs.imr_interface))
if (!in_nullhost(mreqs.imr_interface)) {
IN_IFADDR_RLOCK(&in_ifa_tracker);
INADDR_TO_IFP(mreqs.imr_interface, ifp);
IN_IFADDR_RUNLOCK(&in_ifa_tracker);
}
if (sopt->sopt_name == IP_BLOCK_SOURCE)
doblock = 1;
@ -1969,7 +1972,6 @@ inp_getmoptions(struct inpcb *inp, struct sockopt *sopt)
*
* Returns NULL if no ifp could be found.
*
* SMPng: TODO: Acquire the appropriate locks for INADDR_TO_IFP.
* FUTURE: Implement IPv4 source-address selection.
*/
static struct ifnet *
@ -1987,7 +1989,9 @@ inp_lookup_mcast_ifp(const struct inpcb *inp,
ifp = NULL;
if (!in_nullhost(ina)) {
IN_IFADDR_RLOCK(&in_ifa_tracker);
INADDR_TO_IFP(ina, ifp);
IN_IFADDR_RUNLOCK(&in_ifa_tracker);
} else {
fibnum = inp ? inp->inp_inc.inc_fibnum : 0;
if (fib4_lookup_nh_basic(fibnum, gsin->sin_addr, 0, 0, &nh4)==0)
@ -2332,6 +2336,7 @@ inp_leave_group(struct inpcb *inp, struct sockopt *sopt)
{
struct group_source_req gsr;
struct ip_mreq_source mreqs;
struct rm_priotracker in_ifa_tracker;
sockunion_t *gsa, *ssa;
struct ifnet *ifp;
struct in_mfilter *imf;
@ -2390,9 +2395,11 @@ inp_leave_group(struct inpcb *inp, struct sockopt *sopt)
* XXX NOTE WELL: The RFC 3678 API is preferred because
* using an IPv4 address as a key is racy.
*/
if (!in_nullhost(mreqs.imr_interface))
if (!in_nullhost(mreqs.imr_interface)) {
IN_IFADDR_RLOCK(&in_ifa_tracker);
INADDR_TO_IFP(mreqs.imr_interface, ifp);
IN_IFADDR_RUNLOCK(&in_ifa_tracker);
}
CTR3(KTR_IGMPV3, "%s: imr_interface = 0x%08x, ifp = %p",
__func__, ntohl(mreqs.imr_interface.s_addr), ifp);
@ -2560,6 +2567,7 @@ inp_leave_group(struct inpcb *inp, struct sockopt *sopt)
static int
inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt)
{
struct rm_priotracker in_ifa_tracker;
struct in_addr addr;
struct ip_mreqn mreqn;
struct ifnet *ifp;
@ -2598,7 +2606,9 @@ inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt)
if (in_nullhost(addr)) {
ifp = NULL;
} else {
IN_IFADDR_RLOCK(&in_ifa_tracker);
INADDR_TO_IFP(addr, ifp);
IN_IFADDR_RUNLOCK(&in_ifa_tracker);
if (ifp == NULL)
return (EADDRNOTAVAIL);
}