git: 85ff908020d0 - stable/14 - netinet: Fix getcred sysctl handlers to do nothing if no input is given

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Sun, 06 Apr 2025 22:51:10 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=85ff908020d0169f9415852c7b63a4f15cac1294

commit 85ff908020d0169f9415852c7b63a4f15cac1294
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-20 01:33:44 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:03 +0000

    netinet: Fix getcred sysctl handlers to do nothing if no input is given
    
    These routines were all assuming that the sysctl handler has some new
    value, but this is not the case.  SYSCTL_IN() returns 0 in this
    scenario, so they were all operating on an uninitialized address.  This
    is mostly harmless, but trips KMSAN checks, so let's fix them.
    
    Reviewed by:    zlei, rrs, glebius
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D49348
    
    (cherry picked from commit 3ff865c6a7948b2cfc01d7056c619145b696700a)
---
 sys/netinet/sctp_usrreq.c   | 3 ++-
 sys/netinet/tcp_subr.c      | 4 ++++
 sys/netinet/udp_usrreq.c    | 2 ++
 sys/netinet6/sctp6_usrreq.c | 2 ++
 sys/netinet6/udp6_usrreq.c  | 2 ++
 5 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/sctp_usrreq.c b/sys/netinet/sctp_usrreq.c
index 29d63f989e79..4c9239f84df8 100644
--- a/sys/netinet/sctp_usrreq.c
+++ b/sys/netinet/sctp_usrreq.c
@@ -361,8 +361,9 @@ sctp_getcred(SYSCTL_HANDLER_ARGS)
 	/* FIX, for non-bsd is this right? */
 	vrf_id = SCTP_DEFAULT_VRFID;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
-
 	if (error)
 		return (error);
 
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
index d633bd660346..dcd947384d99 100644
--- a/sys/netinet/tcp_subr.c
+++ b/sys/netinet/tcp_subr.c
@@ -2751,6 +2751,8 @@ tcp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
@@ -2793,6 +2795,8 @@ tcp6_getcred(SYSCTL_HANDLER_ARGS)
 	int mapped = 0;
 #endif
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 178b5b431cf3..d65343fc9997 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/udp_usrreq.c
@@ -846,6 +846,8 @@ udp_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
diff --git a/sys/netinet6/sctp6_usrreq.c b/sys/netinet6/sctp6_usrreq.c
index e38bf2b4ae6c..0d59209ceedd 100644
--- a/sys/netinet6/sctp6_usrreq.c
+++ b/sys/netinet6/sctp6_usrreq.c
@@ -375,6 +375,8 @@ sctp6_getcred(SYSCTL_HANDLER_ARGS)
 
 	vrf_id = SCTP_DEFAULT_VRFID;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);
diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c
index a23bbabab236..8ab159b4e622 100644
--- a/sys/netinet6/udp6_usrreq.c
+++ b/sys/netinet6/udp6_usrreq.c
@@ -609,6 +609,8 @@ udp6_getcred(SYSCTL_HANDLER_ARGS)
 	struct inpcb *inp;
 	int error;
 
+	if (req->newptr == NULL)
+		return (EINVAL);
 	error = priv_check(req->td, PRIV_NETINET_GETCRED);
 	if (error)
 		return (error);