- remove duplicate code from sctp_asconf.c

- remove duplicate #include <sys/priv.h> that is not under #ifdef FreeBSD version to allow compile on 6.1 - static analysis changes per the cisco SA tool including: o some SA_IGNORE comments o some checks for NULL before unlock. o type corrections int -> size_t - Fix it so sctp_alloc_asoc takes a thread/proc argument. Without this we pass a NULL in to bind on implicit assoc setup and crash :-( Approved by: re@freebsd.org(Ken Smith)
2007-07-21 21:41:32 +00:00 · 2007-07-21 21:41:32 +00:00 · 1918b8aea1
commit 1918b8aea1
parent 5eb246dfe4
9 changed files with 42 additions and 18 deletions
--- a/sys/netinet/sctp_asconf.c
+++ b/sys/netinet/sctp_asconf.c
@ -1991,9 +1991,6 @@ sctp_find_valid_localaddr_ep(struct sctp_tcb *stcb)
 	struct sctp_laddr *laddr;
 	LIST_FOREACH(laddr, &stcb->sctp_ep->sctp_addr_list, sctp_nxt_addr) {
 		if (laddr->ifa == NULL) {
 			continue;
 		}
 		if (laddr->ifa == NULL) {
 			continue;
 		}
--- a/sys/netinet/sctp_indata.c
+++ b/sys/netinet/sctp_indata.c
@ -3474,6 +3474,7 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, struct sctp_association *asoc,
 					 * use the CMT version of
 					 * find_alt_net()
 					 */
 					/* sa_ignore NO_NULL_CHK */
 					alt = sctp_find_alternate_net(stcb, alt, 1);
 				}
 				if (alt == NULL) {
--- a/sys/netinet/sctp_input.c
+++ b/sys/netinet/sctp_input.c
@ -186,8 +186,8 @@ sctp_is_there_unsent_data(struct sctp_tcb *stcb)
 	if (!TAILQ_EMPTY(&asoc->out_wheel)) {
 		/* Check to see if some data queued */
 		TAILQ_FOREACH(strq, &asoc->out_wheel, next_spoke) {
 			/* sa_ignore FREED_MEMORY */
 	is_there_another:
 			/* sa_ignore FREED_MEMORY */
 			sp = TAILQ_FIRST(&strq->outqueue);
 			if (sp == NULL) {
 				continue;
@ -1620,8 +1620,17 @@ sctp_process_cookie_new(struct mbuf *m, int iphlen, int offset,
 	 * now that we know the INIT/INIT-ACK are in place, create a new TCB
 	 * and popluate
 	 */
 	/*
 	 * Here we do a trick, we set in NULL for the proc/thread argument.
 	 * We do this since in effect we only use the p argument when the
 	 * socket is unbound and we must do an implicit bind. Since we are
 	 * getting a cookie, we cannot be unbound.
 	 */
 	stcb = sctp_aloc_assoc(inp, init_src, 0, &error,
-	    ntohl(initack_cp->init.initiate_tag), vrf_id);
+	    ntohl(initack_cp->init.initiate_tag), vrf_id,
 	    (struct thread *)NULL
 	    );
 	if (stcb == NULL) {
 		struct mbuf *op_err;
@ -4601,6 +4610,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 			    vrf_id);
 			SCTP_TCB_UNLOCK(stcb);
 			goto out_now;
 			/* sa_ignore NOTREACHED */
 			break;
 		case SCTP_STATE_EMPTY:	/* should not happen */
 		case SCTP_STATE_INUSE:	/* should not happen */
@ -4609,6 +4619,7 @@ sctp_common_input_processing(struct mbuf **mm, int iphlen, int offset,
 		default:
 			SCTP_TCB_UNLOCK(stcb);
 			goto out_now;
 			/* sa_ignore NOTREACHED */
 			break;
 		case SCTP_STATE_OPEN:
 		case SCTP_STATE_SHUTDOWN_SENT:
--- a/sys/netinet/sctp_os_bsd.h
+++ b/sys/netinet/sctp_os_bsd.h
@ -49,7 +49,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/priv.h>
 #include <sys/jail.h>
 #include <sys/sysctl.h>
 #include <sys/resourcevar.h>
--- a/sys/netinet/sctp_output.c
+++ b/sys/netinet/sctp_output.c
@ -10965,7 +10965,9 @@ sctp_lower_sosend(struct socket *so,
 			}
 			/* get an asoc/stcb struct */
 			vrf_id = inp->def_vrf_id;
-			stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+			stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id,
 			    p
 			    );
 			if (stcb == NULL) {
 				/* Error is setup for us in the call */
 				goto out_unlocked;
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@ -2154,7 +2154,11 @@ sctp_inpcb_bind(struct socket *so, struct sockaddr *addr,
 		/* already did a bind, subsequent binds NOT allowed ! */
 		return (EINVAL);
 	}
-	if (jailed(p->td_ucred)) {
+#ifdef INVARIANTS
 	if (p == NULL)
 		panic("null proc/thread");
 #endif
 	if (p && jailed(p->td_ucred)) {
 		prison = 1;
 	}
 	if (addr != NULL) {
@ -3312,8 +3316,12 @@ sctp_add_remote_addr(struct sctp_tcb *stcb, struct sockaddr *newaddr,
 */
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
-    int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id)
+    int for_a_init, int *error, uint32_t override_tag, uint32_t vrf_id,
    struct thread *p
 )
 {
 	/* note the p argument is only valid in unbound sockets */
 	struct sctp_tcb *stcb;
 	struct sctp_association *asoc;
 	struct sctpasochead *head;
@ -3393,7 +3401,7 @@ sctp_aloc_assoc(struct sctp_inpcb *inp, struct sockaddr *firstaddr,
 		 */
 		if ((err = sctp_inpcb_bind(inp->sctp_socket,
 		    (struct sockaddr *)NULL,
-		    (struct thread *)NULL
+		    p
 		    ))) {
 			/* bind error, probably perm */
 			*error = err;
@ -4920,7 +4928,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 					 * strange, address is in another
 					 * assoc? straighten out locks.
 					 */
-					SCTP_TCB_UNLOCK(stcb_tmp);
+					if (stcb_tmp)
 						SCTP_TCB_UNLOCK(stcb_tmp);
 					if (stcb->asoc.state == 0) {
 						/* the assoc was freed? */
 						return (-12);
@ -4995,7 +5005,9 @@ sctp_load_addresses_from_init(struct sctp_tcb *stcb, struct mbuf *m,
 					 * strange, address is in another
 					 * assoc? straighten out locks.
 					 */
-					SCTP_TCB_UNLOCK(stcb_tmp);
+					if (stcb_tmp)
 						SCTP_TCB_UNLOCK(stcb_tmp);
 					if (stcb->asoc.state == 0) {
 						/* the assoc was freed? */
 						return (-21);
--- a/sys/netinet/sctp_pcb.h
+++ b/sys/netinet/sctp_pcb.h
@ -510,7 +510,7 @@ void sctp_inpcb_free(struct sctp_inpcb *, int, int);
 struct sctp_tcb *
 sctp_aloc_assoc(struct sctp_inpcb *, struct sockaddr *,
-    int, int *, uint32_t, uint32_t);
+    int, int *, uint32_t, uint32_t, struct thread *);
 int sctp_free_assoc(struct sctp_inpcb *, struct sctp_tcb *, int, int);
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@ -1354,7 +1354,9 @@ sctp_do_connect_x(struct socket *so, struct sctp_inpcb *inp, void *optval,
 	vrf_id = inp->def_vrf_id;
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, sa, 1, &error, 0, vrf_id,
 	    (struct thread *)p
 	    );
 	if (stcb == NULL) {
 		/* Gak! no memory */
 		goto out_now;
@ -3631,7 +3633,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 	case SCTP_BINDX_ADD_ADDR:
 		{
 			struct sctp_getaddresses *addrs;
-			int sz;
+			size_t sz;
 			struct thread *td;
 			int prison = 0;
@ -3666,7 +3668,7 @@ sctp_setopt(struct socket *so, int optname, void *optval, size_t optsize,
 	case SCTP_BINDX_REM_ADDR:
 		{
 			struct sctp_getaddresses *addrs;
-			int sz;
+			size_t sz;
 			struct thread *td;
 			int prison = 0;
@ -3844,7 +3846,7 @@ sctp_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 	}
 	vrf_id = inp->def_vrf_id;
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 	if (stcb == NULL) {
 		/* Gak! no memory */
 		goto out_now;
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@ -1034,7 +1034,7 @@ sctp6_connect(struct socket *so, struct sockaddr *addr, struct thread *p)
 		return (EALREADY);
 	}
 	/* We are GOOD to go */
-	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id);
+	stcb = sctp_aloc_assoc(inp, addr, 1, &error, 0, vrf_id, p);
 	SCTP_ASOC_CREATE_UNLOCK(inp);
 	if (stcb == NULL) {
 		/* Gak! no memory */