- remove duplicate code from sctp_asconf.c
- remove duplicate #include <sys/priv.h> that is not under #ifdef FreeBSD version, to allow compile on 6.1
- static analysis changes per the cisco SA tool, including:
  o some SA_IGNORE comments
  o some checks for NULL before unlock.
  o type corrections int -> size_t
- Fix it so sctp_aloc_assoc takes a thread/proc argument. Without this we pass a NULL in to bind on implicit assoc setup and crash :-(

Approved by: re@freebsd.org(Ken Smith)
parent
5eb246dfe4
commit
1918b8aea1
@ -1991,9 +1991,6 @@ sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb)
|
||||
struct sctp_laddr *laddr;
|
||||
|
||||
LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
|
||||
if (laddr->ifa == NULL) {
|
||||
continue;
|
||||
}
|
||||
if (laddr->ifa == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
@ -3474,6 +3474,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
|
||||
* use the CMT version of
|
||||
* find_alt_net()
|
||||
*/
|
||||
/* sa_ignore NO_NULL_CHK */
|
||||
alt = sctp_find_alternate_net(stcb, alt, 1);
|
||||
}
|
||||
if (alt == NULL) {
|
||||
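Review bot: The added `/* sa_ignore NO_NULL_CHK */` above the `sctp_find_alternate_net()` call silences the analyzer without recording why the finding is a false positive. The visible context tests `alt == NULL` right after the block, so if that is the reason, say so in the comment, e.g. `/* sa_ignore NO_NULL_CHK: alt is tested for NULL below */`. The same applies to the `sa_ignore FREED_MEMORY` comments in sctp_is_there_unsent_data and the `sa_ignore NOTREACHED` comments in sctp_common_input_processing. The FREED_MEMORY one most needs a justification, because a suppressed freed-memory report on `strq` will not resurface if the queue handling changes later. The enclosing function starts and ends outside the hunk.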
|
@ -186,8 +186,8 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb)
|
||||
if (!TAILQ_EMPTY(&asoc->out_wheel)) {
|
||||
/* Check to see if some data queued */
|
||||
TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
|
||||
/* sa_ignore FREED_MEMORY */
|
||||
is_there_another:
|
||||
/* sa_ignore FREED_MEMORY */
|
||||
sp = TAILQ_FIRST(&strq->outqueue);
|
||||
if (sp == NULL) {
|
||||
continue;
|
||||
@ -1620,8 +1620,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
|
||||
* now that we know the INIT/INIT-ACK are in place, create a new TCB
|
||||
* and popluate
|
||||
*/
|
||||
|
||||
/*
|
||||
* Here we do a trick, we set in NULL for the proc/thread argument.
|
||||
* We do this since in effect we only use the p argument when the
|
||||
* socket is unbound and we must do an implicit bind. Since we are
|
||||
* getting a cookie, we cannot be unbound.
|
||||
*/
|
||||
stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
|
||||
ntohl(initack_cp->init.initiate_tag), vrf_id);
|
||||
ntohl(initack_cp->init.initiate_tag), vrf_id,
|
||||
(struct thread *)NULL
|
||||
);
|
||||
if (stcb == NULL) {
|
||||
struct mbuf *op_err;
|
||||
|
||||
@ -4601,6 +4610,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
|
||||
vrf_id);
|
||||
SCTP_TCB_UNLOCK(stcb);
|
||||
goto out_now;
|
||||
/* sa_ignore NOTREACHED */
|
||||
break;
|
||||
case SCTP_STATE_EMPTY: /* should not happen */
|
||||
case SCTP_STATE_INUSE: /* should not happen */
|
||||
@ -4609,6 +4619,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
|
||||
default:
|
||||
SCTP_TCB_UNLOCK(stcb);
|
||||
goto out_now;
|
||||
/* sa_ignore NOTREACHED */
|
||||
break;
|
||||
case SCTP_STATE_OPEN:
|
||||
case SCTP_STATE_SHUTDOWN_SENT:
|
||||
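Review bot: The `(struct thread *)NULL` passed to `sctp_aloc_assoc()` in sctp_process_cookie_new is safe only while the comment's assumption holds (a socket receiving a cookie is always bound), and nothing at this call site enforces it. This path runs on packet input, and the same commit makes sctp_inpcb_bind panic on a NULL thread under INVARIANTS and skip the jail test otherwise, so a violated assumption would become a panic or an unchecked implicit bind. Consider asserting the bound state before the call, or having sctp_aloc_assoc set `*error` and return NULL when it would need to bind and `p == NULL`, rather than passing NULL on to bind. The function body continues outside the hunk, so an existing check further up cannot be ruled out.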
|
@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/protosw.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/socketvar.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/resourcevar.h>
|
||||
|
@ -10965,7 +10965,9 @@ sctp_lower_sosend(struct socket *so,
|
||||
}
|
||||
/* get an asoc/stcb struct */
|
||||
vrf_id = inp->def_vrf_id;
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id,
|
||||
p
|
||||
);
|
||||
if (stcb == NULL) {
|
||||
/* Error is setup for us in the call */
|
||||
goto out_unlocked;
|
||||
|
@ -2154,7 +2154,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
|
||||
/* already did a bind, subsequent binds NOT allowed ! */
|
||||
return (EINVAL);
|
||||
}
|
||||
if (jailed(p->td_ucred)) {
|
||||
#ifdef INVARIANTS
|
||||
if (p == NULL)
|
||||
panic("null proc/thread");
|
||||
#endif
|
||||
if (p && jailed(p->td_ucred)) {
|
||||
prison = 1;
|
||||
}
|
||||
if (addr != NULL) {
|
||||
@ -3312,8 +3316,12 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
|
||||
*/
|
||||
struct sctp_tcb *
|
||||
sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
|
||||
int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
|
||||
int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id,
|
||||
struct thread *p
|
||||
)
|
||||
{
|
||||
/* note the p argument is only valid in unbound sockets */
|
||||
|
||||
struct sctp_tcb *stcb;
|
||||
struct sctp_association *asoc;
|
||||
struct sctpasochead *head;
|
||||
@ -3393,7 +3401,7 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
|
||||
*/
|
||||
if ((err = sctp_inpcb_bind(inp->sctp_socket,
|
||||
(struct sockaddr *)NULL,
|
||||
(struct thread *)NULL
|
||||
p
|
||||
))) {
|
||||
/* bind error, probably perm */
|
||||
*error = err;
|
||||
@ -4920,7 +4928,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
|
||||
* strange, address is in another
|
||||
* assoc? straighten out locks.
|
||||
*/
|
||||
SCTP_TCB_UNLOCK(stcb_tmp);
|
||||
if (stcb_tmp)
|
||||
SCTP_TCB_UNLOCK(stcb_tmp);
|
||||
|
||||
if (stcb->asoc.state == 0) {
|
||||
/* the assoc was freed? */
|
||||
return (-12);
|
||||
@ -4995,7 +5005,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
|
||||
* strange, address is in another
|
||||
* assoc? straighten out locks.
|
||||
*/
|
||||
SCTP_TCB_UNLOCK(stcb_tmp);
|
||||
if (stcb_tmp)
|
||||
SCTP_TCB_UNLOCK(stcb_tmp);
|
||||
|
||||
if (stcb->asoc.state == 0) {
|
||||
/* the assoc was freed? */
|
||||
return (-21);
|
||||
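Review bot: In sctp_inpcb_bind the new `if (p && jailed(p->td_ucred))` fails open: on a kernel built without INVARIANTS a NULL `p` leaves `prison` unset, so the bind continues as if the caller were not jailed. Since the INVARIANTS branch already treats NULL as a bug, the production path should reject it too, for example `if (p == NULL) return (EINVAL);` ahead of the jail test, mirroring the `return (EINVAL);` a few lines above. Whether `p` is dereferenced again later in the function cannot be seen from this hunk, which is one more reason to stop early. The function starts and ends outside the hunk.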
|
@ -510,7 +510,7 @@ void sctp_inpcb_free(struct sctp_inpcb *, int, int);
|
||||
|
||||
struct sctp_tcb *
|
||||
sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *,
|
||||
int, int *, uint32_t, uint32_t);
|
||||
int, int *, uint32_t, uint32_t, struct thread *);
|
||||
|
||||
int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int);
|
||||
|
||||
|
@ -1354,7 +1354,9 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval,
|
||||
vrf_id = inp->def_vrf_id;
|
||||
|
||||
/* We are GOOD to go */
|
||||
stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id);
|
||||
stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id,
|
||||
(struct thread *)p
|
||||
);
|
||||
if (stcb == NULL) {
|
||||
/* Gak! no memory */
|
||||
goto out_now;
|
||||
@ -3631,7 +3633,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
|
||||
case SCTP_BINDX_ADD_ADDR:
|
||||
{
|
||||
struct sctp_getaddresses *addrs;
|
||||
int sz;
|
||||
size_t sz;
|
||||
struct thread *td;
|
||||
int prison = 0;
|
||||
|
||||
@ -3666,7 +3668,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
|
||||
case SCTP_BINDX_REM_ADDR:
|
||||
{
|
||||
struct sctp_getaddresses *addrs;
|
||||
int sz;
|
||||
size_t sz;
|
||||
struct thread *td;
|
||||
int prison = 0;
|
||||
|
||||
@ -3844,7 +3846,7 @@ sctp_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
|
||||
}
|
||||
vrf_id = inp->def_vrf_id;
|
||||
/* We are GOOD to go */
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
|
||||
if (stcb == NULL) {
|
||||
/* Gak! no memory */
|
||||
goto out_now;
|
||||
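Review bot: The `(struct thread *)p` cast in the sctp_do_connect_x call is written differently from the plain `p` passed in sctp_connect, and the declaration of `p` is not visible in this hunk. If `p` is already a `struct thread *` or a `void *`, the cast is unnecessary in C and only hides a future type mismatch from the compiler; pass `p` directly, or give the parameter its real type. The split `p` / `);` lines could also be folded into the call as `stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id, p);`.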
|
@ -1034,7 +1034,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
|
||||
return (EALREADY);
|
||||
}
|
||||
/* We are GOOD to go */
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
|
||||
stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
|
||||
SCTP_ASOC_CREATE_UNLOCK(inp);
|
||||
if (stcb == NULL) {
|
||||
/* Gak! no memory */
|
||||
|