kern/151435: Reference leak in ip_dooptions()

Andrew Boyer aboyer at averesystems.com
Wed Oct 13 20:00:19 UTC 2010


>Number:         151435
>Category:       kern
>Synopsis:       Reference leak in ip_dooptions()
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 13 20:00:18 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Boyer
>Release:        head
>Organization:
Avere Systems
>Environment:
N/A
>Description:
SVN 194760 changed ifa_ifwithaddr() so that it returns a reference along with the ifa.  ifa_ifwithaddr_check() was added to simplify things for callers who didn't want to deal with a reference.

On line 344 of sys/netinet/ip_options.c, there's a call to ifa_ifwithaddr() that does not store a return value.  It looks like it should have been converted to ifa_ifwithaddr_check().

This is only an issue if packets with IPOPT_TS_PRESPEC set are received, so it's not likely been a problem for anyone.
>How-To-Repeat:
Unknown - found by code review.
>Fix:
--- sys/netinet/ip_options.c
+++ sys/netinet/ip_options.c
@@ -341,7 +341,7 @@ dropit:
                                }
                                (void)memcpy(&ipaddr.sin_addr, sin,
                                    sizeof(struct in_addr));
-                               if (ifa_ifwithaddr((SA)&ipaddr) == NULL)
+                               if (ifa_ifwithaddr_check((SA)&ipaddr) == 0)
                                        continue;
                                cp[IPOPT_OFFSET] += sizeof(struct in_addr);
                                off += sizeof(struct in_addr);
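Review bot: the changed `if` ahead of `continue` has no comment saying that only an existence test is wanted and that no ifa reference may be held here. A one-line comment to that effect would keep a later edit from switching back to ifa_ifwithaddr() without a matching release. The description says this path runs for received packets carrying IPOPT_TS_PRESPEC, so with the old line each packet whose address matches takes a reference that is never dropped. That is worth stating in the commit message. The other ifa_ifwithaddr() callers that discard the returned pointer deserve the same check.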


>Release-Note:
>Audit-Trail:
>Unformatted:

