kern/57985: [patch] Missing splx in ether_output_frame (-stable)
Scot Loach
sloach at sandvine.com
Mon Oct 13 20:20:22 PDT 2003
>Number: 57985
>Category: kern
>Synopsis: [patch] Missing splx in ether_output_frame (-stable)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 13 20:20:20 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Scot Loach
>Release: FreeBSD 4.8-RELEASE-p3 i386
>Organization:
Sandvine Incorporated
>Environment:
>Description:
In /sys/net/if_ethersubr.c, in ether_output_frame, there is a return
for an error case that fails to call splx to release the splimp
taken above. (see the included patch)
>How-To-Repeat:
>Fix:
Index: if_ethersubr.c
===================================================================
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.70.2.30.1000.3
diff -U10 -r1.70.2.30.1000.3 if_ethersubr.c
--- if_ethersubr.c 21 Jun 2003 20:47:55 -0000 1.70.2.30.1000.3
+++ if_ethersubr.c 14 Oct 2003 02:13:58 -0000
@@ -410,20 +410,21 @@
no_bridge:
s = splimp();
if (IPFW_LOADED && ether_ipfw != 0) {
struct ether_header save_eh, *eh;
eh = mtod(m, struct ether_header *);
save_eh = *eh;
m_adj(m, ETHER_HDR_LEN);
if (ether_ipfw_chk(&m, ifp, &rule, eh, 0) == 0) {
if (m) {
+ splx(s);
m_freem(m);
return ENOBUFS; /* pkt dropped */
} else
return 0; /* consumed e.g. in a pipe */
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list