git: fe8df7ed1aae - stable/13 - inpcb: Restore some NULL checks of credential pointers

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Wed, 07 Feb 2024 14:46:47 UTC
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=fe8df7ed1aae444a09361c080d52bfcb6aaae64f

commit fe8df7ed1aae444a09361c080d52bfcb6aaae64f
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2024-02-07 14:43:25 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2024-02-07 14:46:34 +0000

    inpcb: Restore some NULL checks of credential pointers
    
    At least one out-of-tree port (net-mgmt/ng_ipacct) depends on being able
    to call in_pcblookup_local() with cred == NULL, so the MFC of commit
    ac1750dd143e ("inpcb: Remove NULL checks of credential references")
    broke compatibility.
    
    Restore a subset of the NULL checks to avoid breaking the module in the
    13.3 release.  This is a direct commit to stable/13.
    
    PR:             276868
---
 sys/netinet/in_pcb.c   | 6 ++++--
 sys/netinet6/in6_pcb.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 001fd735cb4c..03315344a455 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2003,7 +2003,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr,
 				/*
 				 * Found?
 				 */
-				if (prison_equal_ip4(cred->cr_prison,
+				if (cred == NULL ||
+				    prison_equal_ip4(cred->cr_prison,
 				    inp->inp_cred->cr_prison))
 					return (inp);
 			}
@@ -2035,7 +2036,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct in_addr laddr,
 			 */
 			CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
 				wildcard = 0;
-				if (!prison_equal_ip4(inp->inp_cred->cr_prison,
+				if (cred != NULL &&
+				    !prison_equal_ip4(inp->inp_cred->cr_prison,
 				    cred->cr_prison))
 					continue;
 #ifdef INET6
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index ee32fbbf1688..2cfb2ec7b1c3 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -764,7 +764,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr,
 			    IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
 			    inp->inp_lport == lport) {
 				/* Found. */
-				if (prison_equal_ip6(cred->cr_prison,
+				if (cred == NULL ||
+				    prison_equal_ip6(cred->cr_prison,
 				    inp->inp_cred->cr_prison))
 					return (inp);
 			}
@@ -796,7 +797,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct in6_addr *laddr,
 			 */
 			CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
 				wildcard = 0;
-				if (!prison_equal_ip6(cred->cr_prison,
+				if (cred != NULL &&
+				    !prison_equal_ip6(cred->cr_prison,
 				    inp->inp_cred->cr_prison))
 					continue;
 				/* XXX inp locking */