in6_pcblookup_local() still can return a pcb with NULL

inp_socket. To avoid panic, do not dereference inp_socket, but obtain reuse port option from inp_flags2, like this is done after next call to in_pcblookup_local() a few lines down below. Submitted by: rwatson
svn path=/head/; revision=233272
2012-03-21 08:43:38 +00:00 · 2012-03-21 08:43:38 +00:00 · d0e6c546a2 · 2020-12-20 02:59:44 +00:00
commit d0e6c546a2
parent 92396a3174
1 changed files with 2 additions and 2 deletions
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@ -245,8 +245,8 @@ in6_pcbbind(register struct inpcb *inp, struct sockaddr *nam,
 				if (tw == NULL ||
 				    (reuseport & tw->tw_so_options) == 0)
 					return (EADDRINUSE);
-			} else if (t && (reuseport & t->inp_socket->so_options)
-			    == 0) {
+			} else if (t && (reuseport == 0 ||
+			    (t->inp_flags2 & INP_REUSEPORT) == 0)) {
 				return (EADDRINUSE);
 			}
 #ifdef INET