- remove duplicate code from sctp_asconf.c

- remove duplicate #include <sys/priv.h> that is not under
   #ifdef FreeBSD version to allow compile on 6.1
- static analysis changes per the cisco SA tool including:
    o some SA_IGNORE comments
    o some checks for NULL before unlock.
    o type corrections int -> size_t
- Fix it so sctp_aloc_assoc takes a thread/proc argument. Without this
   we pass a NULL in to bind on implicit assoc setup and crash  :-(
Approved by:	re@freebsd.org(Ken Smith)
rrs 2007-07-21 21:41:32 +00:00
parent 5eb246dfe4
commit 1918b8aea1
9 changed files with 42 additions and 18 deletions


@ -1991,9 +1991,6 @@ sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb)
struct sctp_laddr *laddr;
LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
if (laddr->ifa == NULL) {
continue;
}
if (laddr->ifa == NULL) {
continue;
}


@ -3474,6 +3474,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
* use the CMT version of
* find_alt_net()
*/
/* sa_ignore NO_NULL_CHK */
alt = sctp_find_alternate_net(stcb, alt, 1);
}
if (alt == NULL) {


@ -186,8 +186,8 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb)
if (!TAILQ_EMPTY(&asoc->out_wheel)) {
/* Check to see if some data queued */
TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
/* sa_ignore FREED_MEMORY */
is_there_another:
/* sa_ignore FREED_MEMORY */
sp = TAILQ_FIRST(&strq->outqueue);
if (sp == NULL) {
continue;
@ -1620,8 +1620,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
* now that we know the INIT/INIT-ACK are in place, create a new TCB
* and popluate
*/
/*
* Here we do a trick, we set in NULL for the proc/thread argument.
* We do this since in effect we only use the p argument when the
* socket is unbound and we must do an implicit bind. Since we are
* getting a cookie, we cannot be unbound.
*/
stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
ntohl(initack_cp->init.initiate_tag), vrf_id);
ntohl(initack_cp->init.initiate_tag), vrf_id,
(struct thread *)NULL
);
if (stcb == NULL) {
struct mbuf *op_err;
@ -4601,6 +4610,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
vrf_id);
SCTP_TCB_UNLOCK(stcb);
goto out_now;
/* sa_ignore NOTREACHED */
break;
case SCTP_STATE_EMPTY: /* should not happen */
case SCTP_STATE_INUSE: /* should not happen */
@ -4609,6 +4619,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
default:
SCTP_TCB_UNLOCK(stcb);
goto out_now;
/* sa_ignore NOTREACHED */
break;
case SCTP_STATE_OPEN:
case SCTP_STATE_SHUTDOWN_SENT:
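Review bot: In sctp_process_cookie_new the new call passes `(struct thread *)NULL` on the strength of the comment's claim that an endpoint receiving a cookie cannot be unbound, but nothing at the call site checks that claim. This path is driven by received packets, and the sctp_inpcb_bind change in this same commit panics under INVARIANTS when p is NULL, so a violated assumption would presumably bring the kernel down rather than drop the packet. I would test the endpoint's bound state before the call and fail the cookie when it is unbound, and have the comment say where the guarantee comes from instead of calling it "a trick". The cast on NULL is unnecessary in C. The function body starts and ends outside the hunk.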


@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
#include <sys/protosw.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/sysctl.h>
#include <sys/resourcevar.h>


@ -10965,7 +10965,9 @@ sctp_lower_sosend(struct socket *so,
}
/* get an asoc/stcb struct */
vrf_id = inp->def_vrf_id;
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id,
p
);
if (stcb == NULL) {
/* Error is setup for us in the call */
goto out_unlocked;


@ -2154,7 +2154,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
/* already did a bind, subsequent binds NOT allowed ! */
return (EINVAL);
}
if (jailed(p->td_ucred)) {
#ifdef INVARIANTS
if (p == NULL)
panic("null proc/thread");
#endif
if (p && jailed(p->td_ucred)) {
prison = 1;
}
if (addr != NULL) {
@ -3312,8 +3316,12 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
*/
struct sctp_tcb *
sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id,
struct thread *p
)
{
/* note the p argument is only valid in unbound sockets */
struct sctp_tcb *stcb;
struct sctp_association *asoc;
struct sctpasochead *head;
@ -3393,7 +3401,7 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
*/
if ((err = sctp_inpcb_bind(inp->sctp_socket,
(struct sockaddr *)NULL,
(struct thread *)NULL
p
))) {
/* bind error, probably perm */
*error = err;
@ -4920,7 +4928,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
* strange, address is in another
* assoc? straighten out locks.
*/
SCTP_TCB_UNLOCK(stcb_tmp);
if (stcb_tmp)
SCTP_TCB_UNLOCK(stcb_tmp);
if (stcb->asoc.state == 0) {
/* the assoc was freed? */
return (-12);
@ -4995,7 +5005,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
* strange, address is in another
* assoc? straighten out locks.
*/
SCTP_TCB_UNLOCK(stcb_tmp);
if (stcb_tmp)
SCTP_TCB_UNLOCK(stcb_tmp);
if (stcb->asoc.state == 0) {
/* the assoc was freed? */
return (-21);
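Review bot: In sctp_inpcb_bind the new `if (p && jailed(p->td_ucred))` fails open on kernels built without INVARIANTS: with a NULL p this branch never sets `prison`, so whatever jail restrictions the rest of the function applies when `prison` is set are skipped instead of the bind being refused. Since the INVARIANTS branch already treats a NULL p as a bug, the production build could reject it too, e.g. `if (p == NULL) return (EINVAL);` ahead of the jailed() test. The comment added in sctp_aloc_assoc ("only valid in unbound sockets") reads ambiguously; `/* p is used only for the implicit bind of an unbound endpoint; it is not referenced otherwise */` is closer to what the visible call to sctp_inpcb_bind shows, assuming no other use outside the hunk. The two unbraced `if (stcb_tmp)` guards in sctp_load_addresses_from_init would be safer with braces, given that SCTP_TCB_UNLOCK is a macro. All three function bodies continue outside the hunks.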


@ -510,7 +510,7 @@ void sctp_inpcb_free(struct sctp_inpcb *, int, int);
struct sctp_tcb *
sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *,
int, int *, uint32_t, uint32_t);
int, int *, uint32_t, uint32_t, struct thread *);
int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int);


@ -1354,7 +1354,9 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval,
vrf_id = inp->def_vrf_id;
/* We are GOOD to go */
stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id);
stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id,
(struct thread *)p
);
if (stcb == NULL) {
/* Gak! no memory */
goto out_now;
@ -3631,7 +3633,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
case SCTP_BINDX_ADD_ADDR:
{
struct sctp_getaddresses *addrs;
int sz;
size_t sz;
struct thread *td;
int prison = 0;
@ -3666,7 +3668,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
case SCTP_BINDX_REM_ADDR:
{
struct sctp_getaddresses *addrs;
int sz;
size_t sz;
struct thread *td;
int prison = 0;
@ -3844,7 +3846,7 @@ sctp_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
}
vrf_id = inp->def_vrf_id;
/* We are GOOD to go */
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
if (stcb == NULL) {
/* Gak! no memory */
goto out_now;
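Review bot: The `(struct thread *)p` cast at the sctp_do_connect_x call hides the declared type of p, which is outside the hunk, while the sctp_connect call in the same file passes `p` uncast. Per the sctp_aloc_assoc and sctp_inpcb_bind changes in this commit, that pointer can now reach the jailed() credential check during an implicit bind, so I would rather declare the parameter as `struct thread *` (or assign it to a typed local) and let the compiler check it than cast at the call. Separately, for the `int sz` to `size_t sz` changes in the two BINDX cases the uses of sz are not visible here; any subtraction involving sz or comparison against a signed value should be rechecked for wrap-around now that it is unsigned.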


@ -1034,7 +1034,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
return (EALREADY);
}
/* We are GOOD to go */
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
SCTP_ASOC_CREATE_UNLOCK(inp);
if (stcb == NULL) {
/* Gak! no memory */