Author: markj
Date: Thu Jul 30 00:52:37 2020
New Revision: 363682
URL: https://svnweb.freebsd.org/changeset/base/363682

Log:
  Fix a logic error in uipc_ready_scan().
  
  When processing the last record in a socket buffer, take care to avoid a
  NULL pointer dereference when advancing the record iterator.
  
  Reported by:  syzbot+6a689cc9c27bd2652...@syzkaller.appspotmail.com
  Fixes:                r359778
  MFC after:    1 week
  Sponsored by: The FreeBSD Foundation

Modified:
  head/sys/kern/uipc_usrreq.c

Modified: head/sys/kern/uipc_usrreq.c
==============================================================================
--- head/sys/kern/uipc_usrreq.c Wed Jul 29 23:59:35 2020        (r363681)
+++ head/sys/kern/uipc_usrreq.c Thu Jul 30 00:52:37 2020        (r363682)
@@ -1279,7 +1279,8 @@ uipc_ready_scan(struct socket *so, struct mbuf *m, int
                        mb = mb->m_next;
                        if (mb == NULL) {
                                mb = n;
-                               n = mb->m_nextpkt;
+                               if (mb != NULL)
+                                       n = mb->m_nextpkt;
                        }
                }
        }
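Review bot: The new `if (mb != NULL)` guard inside the `if (mb == NULL) {` branch carries no comment explaining that `n == NULL` at this point means the last record in the socket buffer has been consumed. A one-line comment above the guard would make the end-of-buffer case explicit for the next reader. When the guard is not taken, `mb` and `n` are both NULL (since `mb = n` has just run), so the fix depends on the enclosing loops checking `mb` before dereferencing it again. Their conditions are outside this hunk and worth confirming against the full function. Since the log cites a syzbot report, a regression test that exercises the last-record path would keep this from recurring.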
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"