svn commit: r333304 - head/sys/netinet

Sun May 6 19:55:21 UTC 2018

> On 6. May 2018, at 19:09, Conrad Meyer <cem at FreeBSD.org> wrote:
> 
> FYI, Coverity can detect this kind of issue scanning the kernel (not
> just usrsctp).  It was detected as CID 1385266 on FreeBSD's Coverity
> Scan.
That is correct. I just had problems in getting access to the FreeBSD
page, so I didn't know the number. This has now been resolved.

Best regards
Michael
> 
> Best,
> Conrad
> 
> On Sun, May 6, 2018 at 7:19 AM, Michael Tuexen <tuexen at freebsd.org> wrote:
>> Author: tuexen
>> Date: Sun May  6 14:19:50 2018
>> New Revision: 333304
>> URL: https://svnweb.freebsd.org/changeset/base/333304
>> 
>> Log:
>>  Ensure we are not dereferencing a NULL pointer.
>> 
>>  This was found by Coverity scanning the usrsctp stack (CID 203808).
>> 
>>  MFC after:    3 days
>> 
>> Modified:
>>  head/sys/netinet/sctp_indata.c
>> 
>> Modified: head/sys/netinet/sctp_indata.c
>> ==============================================================================
>> --- head/sys/netinet/sctp_indata.c      Sun May  6 13:59:56 2018        (r333303)
>> +++ head/sys/netinet/sctp_indata.c      Sun May  6 14:19:50 2018        (r333304)
>> @@ -3621,7 +3621,9 @@ sctp_strike_gap_ack_chunks(struct sctp_tcb *stcb, stru
>>                                                    SCTP_SO_NOT_LOCKED);
>>                                        }
>>                                        /* Make sure to flag we had a FR */
>> -                                       tp1->whoTo->net_ack++;
>> +                                       if (tp1->whoTo != NULL) {
>> +                                               tp1->whoTo->net_ack++;
>> +                                       }
>>                                        continue;
>>                                }
>>                        }
>>