Module Name: src
Committed By: ozaki-r
Date: Tue Feb 7 02:38:08 UTC 2017
Modified Files:
src/sys/netinet: if_arp.c ip_flow.c ip_icmp.c ip_input.c tcp_input.c
src/sys/netinet6: icmp6.c mld6.c
Log Message:
Add missing NULL checks for m_get_rcvif
To generate a diff of this commit:
cvs rdiff -u -r1.240 -r1.241 src/sys/netinet/if_arp.c
cvs rdiff -u -r1.79 -r1.80 src/sys/netinet/ip_flow.c
cvs rdiff -u -r1.156 -r1.157 src/sys/netinet/ip_icmp.c
cvs rdiff -u -r1.348 -r1.349 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.353 -r1.354 src/sys/netinet/tcp_input.c
cvs rdiff -u -r1.207 -r1.208 src/sys/netinet6/icmp6.c
cvs rdiff -u -r1.80 -r1.81 src/sys/netinet6/mld6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/if_arp.c
diff -u src/sys/netinet/if_arp.c:1.240 src/sys/netinet/if_arp.c:1.241
--- src/sys/netinet/if_arp.c:1.240 Tue Jan 24 07:09:24 2017
+++ src/sys/netinet/if_arp.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: if_arp.c,v 1.240 2017/01/24 07:09:24 ozaki-r Exp $ */
+/* $NetBSD: if_arp.c,v 1.241 2017/02/07 02:38:08 ozaki-r Exp $ */
/*-
* Copyright (c) 1998, 2000, 2008 The NetBSD Foundation, Inc.
@@ -68,7 +68,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.240 2017/01/24 07:09:24 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_arp.c,v 1.241 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_ddb.h"
@@ -941,6 +941,10 @@ arpintr(void)
goto badlen;
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL)) {
+ ARP_STATINC(ARP_STAT_RCVNOINT);
+ goto free;
+ }
switch (rcvif->if_type) {
case IFT_IEEE1394:
arplen = sizeof(struct arphdr) +
@@ -967,6 +971,7 @@ arpintr(void)
badlen:
ARP_STATINC(ARP_STAT_RCVBADLEN);
}
+free:
m_freem(m);
}
out:
@@ -1312,10 +1317,15 @@ reply:
struct llentry *lle = NULL;
struct sockaddr_in sin;
#if NCARP > 0
- struct ifnet *_rcvif = m_get_rcvif(m, &s);
- if (ifp->if_type == IFT_CARP && _rcvif->if_type != IFT_CARP)
- goto out;
- m_put_rcvif(_rcvif, &s);
+ if (ifp->if_type == IFT_CARP) {
+ struct ifnet *_rcvif = m_get_rcvif(m, &s);
+ int iftype = 0;
+ if (__predict_true(_rcvif != NULL))
+ iftype = _rcvif->if_type;
+ m_put_rcvif(_rcvif, &s);
+ if (iftype != IFT_CARP)
+ goto out;
+ }
#endif
tha = ar_tha(ah);
@@ -1877,6 +1887,8 @@ in_revarpinput(struct mbuf *m)
op = ntohs(ah->ar_op);
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL))
+ goto out;
switch (rcvif->if_type) {
case IFT_IEEE1394:
/* ARP without target hardware address is not supported */
Index: src/sys/netinet/ip_flow.c
diff -u src/sys/netinet/ip_flow.c:1.79 src/sys/netinet/ip_flow.c:1.80
--- src/sys/netinet/ip_flow.c:1.79 Wed Jan 11 13:08:29 2017
+++ src/sys/netinet/ip_flow.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_flow.c,v 1.79 2017/01/11 13:08:29 ozaki-r Exp $ */
+/* $NetBSD: ip_flow.c,v 1.80 2017/02/07 02:38:08 ozaki-r Exp $ */
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.79 2017/01/11 13:08:29 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_flow.c,v 1.80 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_net_mpsafe.h"
@@ -247,6 +247,8 @@ ipflow_fastforward(struct mbuf *m)
goto out;
ifp = m_get_rcvif(m, &s);
+ if (__predict_false(ifp == NULL))
+ goto out_unref;
/*
* Verify the IP header checksum.
*/
Index: src/sys/netinet/ip_icmp.c
diff -u src/sys/netinet/ip_icmp.c:1.156 src/sys/netinet/ip_icmp.c:1.157
--- src/sys/netinet/ip_icmp.c:1.156 Thu Feb 2 02:52:10 2017
+++ src/sys/netinet/ip_icmp.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.156 2017/02/02 02:52:10 ozaki-r Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.157 2017/02/07 02:38:08 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.156 2017/02/02 02:52:10 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.157 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_ipsec.h"
@@ -562,7 +562,7 @@ _icmp_input(struct mbuf *m, int hlen, in
case ICMP_MASKREQ: {
struct ifnet *rcvif;
int s, ss;
- struct ifaddr *ifa;
+ struct ifaddr *ifa = NULL;
if (icmpmaskrepl == 0)
break;
@@ -581,7 +581,8 @@ _icmp_input(struct mbuf *m, int hlen, in
icmpdst.sin_addr = ip->ip_dst;
ss = pserialize_read_enter();
rcvif = m_get_rcvif(m, &s);
- ifa = ifaof_ifpforaddr(sintosa(&icmpdst), rcvif);
+ if (__predict_true(rcvif != NULL))
+ ifa = ifaof_ifpforaddr(sintosa(&icmpdst), rcvif);
m_put_rcvif(rcvif, &s);
if (ifa == NULL) {
pserialize_read_exit(ss);
Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.348 src/sys/netinet/ip_input.c:1.349
--- src/sys/netinet/ip_input.c:1.348 Tue Jan 24 07:09:24 2017
+++ src/sys/netinet/ip_input.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.348 2017/01/24 07:09:24 ozaki-r Exp $ */
+/* $NetBSD: ip_input.c,v 1.349 2017/02/07 02:38:08 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.348 2017/01/24 07:09:24 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.349 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -908,7 +908,7 @@ ip_dooptions(struct mbuf *m)
int opt, optlen, cnt, off, code, type = ICMP_PARAMPROB, forward = 0;
struct in_addr dst;
n_time ntime;
- struct ifaddr *ifa;
+ struct ifaddr *ifa = NULL;
int s;
dst = ip->ip_dst;
@@ -1098,7 +1098,10 @@ ip_dooptions(struct mbuf *m)
ipaddr.sin_addr = dst;
_ss = pserialize_read_enter();
rcvif = m_get_rcvif(m, &_s);
- ifa = ifaof_ifpforaddr(sintosa(&ipaddr), rcvif);
+ if (__predict_true(rcvif != NULL)) {
+ ifa = ifaof_ifpforaddr(sintosa(&ipaddr),
+ rcvif);
+ }
m_put_rcvif(rcvif, &_s);
if (ifa == NULL) {
pserialize_read_exit(_ss);
Index: src/sys/netinet/tcp_input.c
diff -u src/sys/netinet/tcp_input.c:1.353 src/sys/netinet/tcp_input.c:1.354
--- src/sys/netinet/tcp_input.c:1.353 Wed Jan 4 12:35:14 2017
+++ src/sys/netinet/tcp_input.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: tcp_input.c,v 1.353 2017/01/04 12:35:14 kre Exp $ */
+/* $NetBSD: tcp_input.c,v 1.354 2017/02/07 02:38:08 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -148,7 +148,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.353 2017/01/04 12:35:14 kre Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_input.c,v 1.354 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -904,6 +904,8 @@ tcp_input_checksum(int af, struct mbuf *
*/
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL))
+ goto badcsum; /* XXX */
switch (af) {
#ifdef INET
Index: src/sys/netinet6/icmp6.c
diff -u src/sys/netinet6/icmp6.c:1.207 src/sys/netinet6/icmp6.c:1.208
--- src/sys/netinet6/icmp6.c:1.207 Thu Feb 2 02:52:10 2017
+++ src/sys/netinet6/icmp6.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: icmp6.c,v 1.207 2017/02/02 02:52:10 ozaki-r Exp $ */
+/* $NetBSD: icmp6.c,v 1.208 2017/02/07 02:38:08 ozaki-r Exp $ */
/* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.207 2017/02/02 02:52:10 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.208 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1067,6 +1067,8 @@ icmp6_notify_error(struct mbuf *m, int o
eip6 = (struct ip6_hdr *)(icmp6 + 1);
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL))
+ goto freeit;
sockaddr_in6_init(&icmp6dst,
(finaldst == NULL) ? &eip6->ip6_dst : finaldst, 0, 0, 0);
if (in6_setscope(&icmp6dst.sin6_addr, rcvif, NULL)) {
@@ -1164,6 +1166,8 @@ icmp6_mtudisc_update(struct ip6ctlparam
sin6.sin6_len = sizeof(struct sockaddr_in6);
sin6.sin6_addr = *dst;
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL))
+ return;
if (in6_setscope(&sin6.sin6_addr, rcvif, NULL)) {
m_put_rcvif(rcvif, &s);
return;
@@ -1307,6 +1311,8 @@ ni6_input(struct mbuf *m, int off)
m_copydata(m, off + sizeof(struct icmp6_nodeinfo),
subjlen, (void *)&in6_subj);
rcvif = m_get_rcvif(m, &s);
+ if (__predict_false(rcvif == NULL))
+ goto bad;
if (in6_setscope(&in6_subj, rcvif, NULL)) {
m_put_rcvif(rcvif, &s);
goto bad;
Index: src/sys/netinet6/mld6.c
diff -u src/sys/netinet6/mld6.c:1.80 src/sys/netinet6/mld6.c:1.81
--- src/sys/netinet6/mld6.c:1.80 Tue Jan 24 07:09:25 2017
+++ src/sys/netinet6/mld6.c Tue Feb 7 02:38:08 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: mld6.c,v 1.80 2017/01/24 07:09:25 ozaki-r Exp $ */
+/* $NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $ */
/* $KAME: mld6.c,v 1.25 2001/01/16 14:14:18 itojun Exp $ */
/*
@@ -102,7 +102,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.80 2017/01/24 07:09:25 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: mld6.c,v 1.81 2017/02/07 02:38:08 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -345,6 +345,8 @@ mld_input(struct mbuf *m, int off)
int s;
ifp = m_get_rcvif(m, &s);
+ if (__predict_false(ifp == NULL))
+ goto out;
IP6_EXTHDR_GET(mldh, struct mld_hdr *, m, off, sizeof(*mldh));
if (mldh == NULL) {
ICMP6_STATINC(ICMP6_STAT_TOOSHORT);
