git: 85ff908020d0 - stable/14 - netinet: Fix getcred sysctl handlers to do nothing if no input is given
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 06 Apr 2025 22:51:10 UTC
The branch stable/14 has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=85ff908020d0169f9415852c7b63a4f15cac1294 commit 85ff908020d0169f9415852c7b63a4f15cac1294 Author: Mark Johnston <markj@FreeBSD.org> AuthorDate: 2025-03-20 01:33:44 +0000 Commit: Mark Johnston <markj@FreeBSD.org> CommitDate: 2025-04-06 13:54:03 +0000 netinet: Fix getcred sysctl handlers to do nothing if no input is given These routines were all assuming that the sysctl handler has some new value, but this is not the case. SYSCTL_IN() returns 0 in this scenario, so they were all operating on an uninitialized address. This is mostly harmless, but trips KMSAN checks, so let's fix them. Reviewed by: zlei, rrs, glebius MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D49348 (cherry picked from commit 3ff865c6a7948b2cfc01d7056c619145b696700a) --- sys/netinet/sctp_usrreq.c | 3 ++- sys/netinet/tcp_subr.c | 4 ++++ sys/netinet/udp_usrreq.c | 2 ++ sys/netinet6/sctp6_usrreq.c | 2 ++ sys/netinet6/udp6_usrreq.c | 2 ++ 5 files changed, 12 insertions(+), 1 deletion(-) diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c index 29d63f989e79..4c9239f84df8 100644 --- a/sys/netinet/sctp_usrreq.c +++ b/sys/netinet/sctp_usrreq.c @@ -361,8 +361,9 @@ sctp_getcred(SYSCTL_HANDLER_ARGS) /* FIX, for non-bsd is this right? */ vrf_id = SCTP_DEFAULT_VRFID; + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); - if (error) return (error); diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index d633bd660346..dcd947384d99 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -2751,6 +2751,8 @@ tcp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error; + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); @@ -2793,6 +2795,8 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS) int mapped = 0; #endif + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index 178b5b431cf3..d65343fc9997 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -846,6 +846,8 @@ udp_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error; + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c index e38bf2b4ae6c..0d59209ceedd 100644 --- a/sys/netinet6/sctp6_usrreq.c +++ b/sys/netinet6/sctp6_usrreq.c @@ -375,6 +375,8 @@ sctp6_getcred(SYSCTL_HANDLER_ARGS) vrf_id = SCTP_DEFAULT_VRFID; + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error); diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index a23bbabab236..8ab159b4e622 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -609,6 +609,8 @@ udp6_getcred(SYSCTL_HANDLER_ARGS) struct inpcb *inp; int error; + if (req->newptr == NULL) + return (EINVAL); error = priv_check(req->td, PRIV_NETINET_GETCRED); if (error) return (error);