svn commit: r191435 - in releng/7.2/sys: . contrib/pf
dev/ath/ath_hal dev/cxgb net
Robert Watson
rwatson at FreeBSD.org
Thu Apr 23 18:23:09 UTC 2009
Author: rwatson
Date: Thu Apr 23 18:23:08 2009
New Revision: 191435
URL: http://svn.freebsd.org/changeset/base/191435
Log:
Merge r191434 from stable/7 to releng/7.2:
In sysctl_ifdata(), query the ifnet pointer using the index only
once, rather than querying it, validating it, and then re-querying
it without validating it. This may avoid a NULL pointer
dereference and resulting kernel page fault if an interface is
being deleted while bsnmp or other tools are querying data on the
interface.
The full fix, to properly refcount the interface for the duration
of the sysctl, is in 8.x, but is considered too high-risk for
7.2, so instead will appear in 7.3 (if all goes well).
Reported by: mdtancsa
Approved by: re (kensmith)
Modified:
releng/7.2/sys/ (props changed)
releng/7.2/sys/contrib/pf/ (props changed)
releng/7.2/sys/dev/ath/ath_hal/ (props changed)
releng/7.2/sys/dev/cxgb/ (props changed)
releng/7.2/sys/net/if_mib.c
Modified: releng/7.2/sys/net/if_mib.c
==============================================================================
--- releng/7.2/sys/net/if_mib.c Thu Apr 23 17:47:15 2009 (r191434)
+++ releng/7.2/sys/net/if_mib.c Thu Apr 23 18:23:08 2009 (r191435)
@@ -82,11 +82,9 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
return EINVAL;
if (name[0] <= 0 || name[0] > if_index ||
- ifnet_byindex(name[0]) == NULL)
+ (ifp = ifnet_byindex(name[0])) == NULL)
return ENOENT;
- ifp = ifnet_byindex(name[0]);
-
switch(name[1]) {
default:
return ENOENT;
More information about the svn-src-all
mailing list