git: fe8df7ed1aae - stable/13 - inpcb: Restore some NULL checks of credential pointers

Wed, 07 Feb 2024 06:46:52 -0800 

The branch stable/13 has been updated by markj:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=fe8df7ed1aae444a09361c080d52bfcb6aaae64f

commit fe8df7ed1aae444a09361c080d52bfcb6aaae64f
Author:     Mark Johnston <[email protected]>
AuthorDate: 2024-02-07 14:43:25 +0000
Commit:     Mark Johnston <[email protected]>
CommitDate: 2024-02-07 14:46:34 +0000

    inpcb: Restore some NULL checks of credential pointers
    
    At least one out-of-tree port (net-mgmt/ng_ipacct) depends on being able
    to call in_pcblookup_local() with cred == NULL, so the MFC of commit
    ac1750dd143e ("inpcb: Remove NULL checks of credential references")
    broke compatibility.
    
    Restore a subset of the NULL checks to avoid breaking the module in the
    13.3 release.  This is a direct commit to stable/13.
    
    PR:             276868
---
 sys/netinet/in_pcb.c   | 6 ++++--
 sys/netinet6/in6_pcb.c | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 001fd735cb4c..03315344a455 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2003,7 +2003,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct 
in_addr laddr,
                                /*
                                 * Found?
                                 */
-                               if (prison_equal_ip4(cred->cr_prison,
+                               if (cred == NULL ||
+                                   prison_equal_ip4(cred->cr_prison,
                                    inp->inp_cred->cr_prison))
                                        return (inp);
                        }
@@ -2035,7 +2036,8 @@ in_pcblookup_local(struct inpcbinfo *pcbinfo, struct 
in_addr laddr,
                         */
                        CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
                                wildcard = 0;
-                               if (!prison_equal_ip4(inp->inp_cred->cr_prison,
+                               if (cred != NULL &&
+                                   !prison_equal_ip4(inp->inp_cred->cr_prison,
                                    cred->cr_prison))
                                        continue;
 #ifdef INET6
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index ee32fbbf1688..2cfb2ec7b1c3 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -764,7 +764,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct 
in6_addr *laddr,
                            IN6_ARE_ADDR_EQUAL(&inp->in6p_laddr, laddr) &&
                            inp->inp_lport == lport) {
                                /* Found. */
-                               if (prison_equal_ip6(cred->cr_prison,
+                               if (cred == NULL ||
+                                   prison_equal_ip6(cred->cr_prison,
                                    inp->inp_cred->cr_prison))
                                        return (inp);
                        }
@@ -796,7 +797,8 @@ in6_pcblookup_local(struct inpcbinfo *pcbinfo, struct 
in6_addr *laddr,
                         */
                        CK_LIST_FOREACH(inp, &phd->phd_pcblist, inp_portlist) {
                                wildcard = 0;
-                               if (!prison_equal_ip6(cred->cr_prison,
+                               if (cred != NULL &&
+                                   !prison_equal_ip6(cred->cr_prison,
                                    inp->inp_cred->cr_prison))
                                        continue;
                                /* XXX inp locking */

Reply via email to