udp_ctlinput: don't refer to unpcb after we drop the lock

Reported by: pho@
2018-06-21 06:10:52 +00:00 · 2018-06-21 06:10:52 +00:00 · 46374cbf54
commit 46374cbf54
parent 6a75ef5817
1 changed files with 7 additions and 6 deletions
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@ -802,14 +802,15 @@ udp_common_ctlinput(int cmd, struct sockaddr *sa, void *vip,
 					   INPLOOKUP_WILDCARD | INPLOOKUP_RLOCKPCB, NULL);
 			if (inp != NULL) {
 				struct udpcb *up;
+				void *ctx;
+				udp_tun_icmp_t func;

 				up = intoudpcb(inp);
-				if (up->u_icmp_func != NULL) {
-					INP_RUNLOCK(inp);
-					(*up->u_icmp_func)(cmd, sa, vip, up->u_tun_ctx);
-				} else {
-					INP_RUNLOCK(inp);
-				}
+				ctx = up->u_tun_ctx;
+				func = up->u_icmp_func;
+				INP_RUNLOCK(inp);
+				if (func != NULL)
+					(*func)(cmd, sa, vip, ctx);
 			}
 		}
 	} else