git: b0a1a3138a37 - releng/14.1 - fib_dxr: set fib_data field in struct dxr_aux early enough
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 22 May 2024 17:52:33 UTC
The branch releng/14.1 has been updated by zec:
URL: https://cgit.FreeBSD.org/src/commit/?id=b0a1a3138a37b7849d1fb735e6b5c2cd392a2e8b
commit b0a1a3138a37b7849d1fb735e6b5c2cd392a2e8b
Author: Marko Zec <zec@FreeBSD.org>
AuthorDate: 2024-05-07 15:44:09 +0000
Commit: Marko Zec <zec@FreeBSD.org>
CommitDate: 2024-05-22 17:50:29 +0000
fib_dxr: set fib_data field in struct dxr_aux early enough
Previously it was possible for dxr_build() to return with da->fd
unset in case of range_tbl or x_tbl malloc() failures. This
may have led to NULL ptr dereferencing in dxr_change_rib_batch().
Approved by: re (cperciva)
MFC after: 1 week
PR: 278422
(cherry picked from commit 0418d7a0903725ade71ae77c4ff900010a93a185)
---
sys/netinet/in_fib_dxr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/netinet/in_fib_dxr.c b/sys/netinet/in_fib_dxr.c
index e7eede53ea51..94f066bdf982 100644
--- a/sys/netinet/in_fib_dxr.c
+++ b/sys/netinet/in_fib_dxr.c
@@ -877,6 +877,7 @@ dxr_build(struct dxr *dxr)
return;
dxr->aux = da;
da->fibnum = dxr->fibnum;
+ da->fd = dxr->fd;
da->refcnt = 1;
LIST_INIT(&da->all_chunks);
LIST_INIT(&da->all_trie);
@@ -907,7 +908,6 @@ dxr_build(struct dxr *dxr)
trie_rebuild = 1;
}
#endif
- da->fd = dxr->fd;
microuptime(&t0);