svn commit: r232902 - in stable/8/sys: i386/conf netinet

Michael Tuexen tuexen at FreeBSD.org
Mon Mar 12 21:52:32 UTC 2012


Author: tuexen
Date: Mon Mar 12 21:52:31 2012
New Revision: 232902
URL: http://svn.freebsd.org/changeset/base/232902

Log:
  MFC r232723,r232726:
  Fix a bug reported by Peter Holm which results in a crash:
  Verify in sctp_peeloff() that the socket is a one-to-many
  style SCTP socket.

Modified:
  stable/8/sys/netinet/sctp_peeloff.c
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/boot/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/e1000/   (props changed)
  stable/8/sys/i386/conf/XENHVM   (props changed)

Modified: stable/8/sys/netinet/sctp_peeloff.c
==============================================================================
--- stable/8/sys/netinet/sctp_peeloff.c	Mon Mar 12 21:41:29 2012	(r232901)
+++ stable/8/sys/netinet/sctp_peeloff.c	Mon Mar 12 21:52:31 2012	(r232902)
@@ -55,9 +55,18 @@ sctp_can_peel_off(struct socket *head, s
 	struct sctp_tcb *stcb;
 	uint32_t state;
 
+	if (head == NULL) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EBADF);
+		return (EBADF);
+	}
+	if ((head->so_proto->pr_protocol != IPPROTO_SCTP) ||
+	    (head->so_type != SOCK_SEQPACKET)) {
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EOPNOTSUPP);
+		return (EOPNOTSUPP);
+	}
 	inp = (struct sctp_inpcb *)head->so_pcb;
 	if (inp == NULL) {
-		SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
+		SCTP_LTRACE_ERR_RET(NULL, NULL, NULL, SCTP_FROM_SCTP_PEELOFF, EFAULT);
 		return (EFAULT);
 	}
 	stcb = sctp_findassociation_ep_asocid(inp, assoc_id, 1);
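Review bot: The protocol/type guard added ahead of `inp = (struct sctp_inpcb *)head->so_pcb;` is what keeps that cast from reinterpreting another protocol's PCB, but nothing in the code says so, and a later reorder could put the cast back in front of the check. I would add a comment above the `so_proto`/`so_type` test, e.g. `/* so_pcb is a struct sctp_inpcb only for SCTP sockets: reject other protocols and socket types before the cast below. */`. The log places the verification in sctp_peeloff() while the hunk puts it in sctp_can_peel_off(), so it is worth confirming that every path which casts `head->so_pcb` (none are visible here) goes through this helper first. The function's body continues past the end of the hunk.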

