git: 30f8cb812e27 - main - socket: Don't assume m0 != NULL in sbappendcontrol_locked()
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 02 Feb 2024 19:01:18 UTC
The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=30f8cb812e27d8ab40a2c0669ac20a8ee45a7c56 commit 30f8cb812e27d8ab40a2c0669ac20a8ee45a7c56 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2024-02-02 18:58:37 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2024-02-02 19:00:37 +0000 socket: Don't assume m0 != NULL in sbappendcontrol_locked() Some callers (e.g., ktls_decrypt()) violate this assumption and thus could trigger a NULL pointer dereference in KMSAN kernels. Reported by: glebius Fixes: ec45f952a232 ("sockbuf: Add KMSAN checks to sbappend*()") MFC after: 1 week --- sys/kern/uipc_sockbuf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/kern/uipc_sockbuf.c b/sys/kern/uipc_sockbuf.c index 2732ee8199ee..6d3050596f23 100644 --- a/sys/kern/uipc_sockbuf.c +++ b/sys/kern/uipc_sockbuf.c @@ -1326,7 +1326,8 @@ sbappendcontrol_locked(struct sockbuf *sb, struct mbuf *m0, { struct mbuf *m, *mlast; - kmsan_check_mbuf(m0, "sbappend"); + if (m0 != NULL) + kmsan_check_mbuf(m0, "sbappend"); kmsan_check_mbuf(control, "sbappend"); sbm_clrprotoflags(m0, flags);