[Bug 295129] if_geneve.c geneve_udp_input() can use ifp before it is set

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 295129] if_geneve.c geneve_udp_input() can use ifp before it is set"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 09 May 2026 18:39:33 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295129

            Bug ID: 295129
           Summary: if_geneve.c geneve_udp_input() can use ifp before it
                    is set
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu

geneve_udp_input() has a few "goto out" before it sets ifp, but the
"out" code passes ifp to if_inc_counter(), which can crash due to
ifp holding garbage.

-- 
You are receiving this mail because:
You are the assignee for the bug.