1.24.2.2 of ip_dummynet.c [RELENG_4] has a bug, I'm thinking. Can someone
comment?
In the below snippet, the value of 's' from splimp() is
overwritten by the return value of alloc_hash(), which is
an errno. If it's != 0, then there's a missing splx().
If it is == 0, then splx() is called with the wrong value.

[I've filed a PR against this, and will probably change
the alloc_hash to use a different return value in my tree]


        s = splimp();
        x->bandwidth = p->bandwidth ;
        x->numbytes = 0; /* just in case... */
        bcopy(p->if_name, x->if_name, sizeof(p->if_name) );
        x->ifp = NULL ; /* reset interface ptr */
        x->delay = p->delay ;
        set_fs_parms(&(x->fs), pfs);


        if ( x->fs.rq == NULL ) { /* a new pipe */
            s = alloc_hash(&(x->fs), pfs) ;
            if (s) {
                free(x, M_DUMMYNET);
                return s ;
            }
            x->next = b ;
            if (a == NULL)
                all_pipes = x ;
            else
                a->next = x ;
        }
        splx(s);
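
The two failure paths described in the message above, modelled in userland C next to a version that keeps the errno in its own variable. This is an added example, not part of the original post and not FreeBSD code: the priority-level numbers, the `alloc_hash_stub()` stand-in, the `ENOSPC` sample error and the `config_pipe_*` / `level_after` names are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* Userland model of splimp()/splx(): constructed levels, not kernel values. */
enum { IPL_NONE = 0, IPL_NET = 2, IPL_IMP = 5 };
static int cur_ipl = IPL_NONE;
static int splimp(void) { int old = cur_ipl; cur_ipl = IPL_IMP; return old; }
static void splx(int s) { cur_ipl = s; }

/* Hypothetical stand-in for alloc_hash(): returns 0 or a sample errno. */
static int alloc_hash_stub(int fail) { return fail ? ENOSPC : 0; }

/* Same control flow as the quoted snippet: 's' is reused for the errno. */
static int config_pipe_buggy(int fail)
{
    int s = splimp();
    s = alloc_hash_stub(fail);      /* saved level is lost here */
    if (s)
        return s;                   /* no splx(): level stays raised */
    splx(s);                        /* splx(0), not the caller's level */
    return 0;
}

/* Separate variable for the error, and splx() on every exit path. */
static int config_pipe_fixed(int fail)
{
    int s = splimp();
    int error = alloc_hash_stub(fail);
    if (error) {
        splx(s);                    /* restore before the early return */
        return error;
    }
    splx(s);
    return 0;
}

/* Call one variant from a caller already at IPL_NET; return the level left behind. */
static int level_after(int (*fn)(int), int fail)
{
    cur_ipl = IPL_NET;
    (void)fn(fail);
    return cur_ipl;
}

int main(void)
{
    printf("buggy: ok=%d fail=%d\n", level_after(config_pipe_buggy, 0), level_after(config_pipe_buggy, 1));
    printf("fixed: ok=%d fail=%d\n", level_after(config_pipe_fixed, 0), level_after(config_pipe_fixed, 1));
    return 0;
}
```

Starting the caller at a non-zero level is what makes the success path visible: with a caller already at level 0, `splx(0)` happens to restore the right value and only the error path misbehaves.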